Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Portal Functionality Restriction Using Customized Auth Object

Go to solution
Former Member

‎12-15-2010 9:33 AM

0 Kudos

Hi All,

Understand that all functionality performed via Portal is actually depending on back-end roles which allows reference/ maintenance to employee master data AND customized authorization object requires coding to function.

The above understanding refers; please correct me if I'm wrong. If I were to create customized authorization objects to restrict certain portal functionality (e.g. Profile Matchup), is this possible? I'm still doing research on this and hoping some guidence from you guys. As far as I know, only ABAP program/coding can use the customized authorization object to perform the authorization check but not so sure if the same can applies to Portal.

Appreciate if you could share your thoughts or experiences on this matter. Million thanks.

1 ACCEPTED SOLUTION

Go to solution
mvoros
Active Contributor

‎12-16-2010 1:02 AM

0 Kudos

Hi,

that's not entirely true. Every portal user has portal roles which define how content is grouped together and how it is displayed. That's all what is controlled with these roles. Usually, the transactions from backend systems are exposed via portal. These transactions are run on backend systems so user needs to have proper authorization to rum them. These authorizations are not stored in portal roles and they don't have any impact on portal functionality.

Cheers

4 REPLIES 4

Go to solution
mvoros
Active Contributor

‎12-16-2010 1:02 AM

0 Kudos

Hi,

that's not entirely true. Every portal user has portal roles which define how content is grouped together and how it is displayed. That's all what is controlled with these roles. Usually, the transactions from backend systems are exposed via portal. These transactions are run on backend systems so user needs to have proper authorization to rum them. These authorizations are not stored in portal roles and they don't have any impact on portal functionality.

Cheers

Go to solution
Former Member
In response to mvoros

‎12-16-2010 1:47 AM

0 Kudos

Hi Martin,

Thanks for your reply.

Yes, you're right on the Portal role. My concern is actually on the back-end role which supported the front-end functionalities. The requirement that I got is to restrict portal functionalities to certain group of people. As for example, instead of be able to execute the function for the whole population, can it be restricted to certain group of people? If I were to use cutomized auhtorization object to cater for the restriction in back end (via transaction code), is it possible portal be able to perform the same restriction as backend ? If possible, appreciate if you can explain how.

Thanks much.

Go to solution
mvoros
Active Contributor
In response to mvoros

‎12-16-2010 2:13 AM

0 Kudos

Hi,

what exactly you want to restrict. What to do you mean by "supported the front-end functionalities"? If some users are not allowed to run some transaction then you need to modify portal role for these users. If you want to prevent particular functionality of some transaction then you need to use somehow enhance that transaction and access to this functionality will be controlled by user's authorizations on back end system.

Cheers

Go to solution
Former Member
In response to mvoros

‎12-16-2010 3:40 AM

0 Kudos

Hi Martin,

Apologize for not making it clear enough. As for your info, we will be implementing Structural Authorization and the requirement that we received is to restrict both back-end and portal functionality based on employee skills category. Employee skills category data is currently maintain in custom infotype.

I've started with the back end restriction, not really sure how I'm going to handle this in back end, but I'm thinking of manipulating 'Administrator' field in IT0001 or creating customized authorization object - still in test stage. However I'm not really sure how to start in portal.

Let us take 'Profile Matchup' in Talent Development Specialist (TDS) portal role as an example for this discussion. TDS should only be given to HR personnel that handle personnel developent. Unfortunately, business requires TDS portal role to be given to non-HR personnel to perform the profile matchup limited to their respective area of responsibility e.g. skill category. Is this possible in portal? Appreciate your thoughts and advice on this matter.

Thanks much.