Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Authorizations managed by user parameter

Former Member

‎10-01-2010 4:38 PM

0 Kudos

Hello,

someone tell me that it was possible to manage authorisations by user parameter : for example, you can limit society code in the user and the organizational level in the role will take this value.

Do-you know if it's really possible and if yes, how to make the link between the role and the parameter.

Thank you for your answer.

4 REPLIES 4

jurjen_heeck
Active Contributor

‎10-01-2010 4:53 PM

0 Kudos

As far as I know this cannot be done by standard SAP tools. I would oppose it because in my opinion the user parameters should be accesible to the user for maintenance.

Former Member

‎10-01-2010 6:51 PM

0 Kudos

AS Jurjen said not a good idea. You could search the SDN for lot of discussion on it already. One of them linked here for your help..

[]

sdipanjan
Active Contributor

‎10-01-2010 9:40 PM

0 Kudos

Hi,

User Parameter is not meant for Authorization or security check point. Rather it works similar to the concept of Bookmarking a Website so that you don't need to type the same webaddress again and again in future whenever you want to visit it.

Similarly if you put some value in user parameter for a particular parameter (for e.g. Cost Center) then the user doesn't need to type the Value of the Cost Center the user is authorized to see again and again when ever any Transaction code needs it as Input from the User. That field will come to user as pre-filled with the value from it's saved parameter in SU01.

regards,

Dipanjan

Former Member

‎10-01-2010 9:49 PM

0 Kudos

You seem to have been flamed enough by the 3 gurus and they are correct...

Way out and what you are looking for is "personalization" (see the corresponding tabs in Su01 and PFCG).

So... you can transport then and adminsitrate then without the user changing them as a preference (as PIDs are by design).

It works (unless the backend user has more auths) and is the 14h concept in the security model (PID's are unlucky number 13th concept which is used).

If you dont want to or cannot use authorization objects, then use personalization keys (for the transportable roles or the local user master record).

Cheers,

Julius