ChaRM authorizations: restricting CR creation to other landscapes
We are setting up ChaRM to new landscapes and shortly we will have several maintenance cycles available when one authorises a CR. We want to restrict users from creating CRs to other landscapes than their own.
We have tried to look for object type containing the possibility to set a project related restriction. However we are still wondering which would be the best way to set this restriction: maintenance project, maintenance cycle (not really an option in long term), Solution (dswp) or logical component.
What is your opinion on this and how can we set this up. As said, currently we are trying to find suitable object type to be added to user roles, but so far we haven't found correct one.
I'm very greatful for any hints you may provide us.
System can be diffrenciatiated on ibase and component..
This can be done through Authorization object B_NOTIF_IB..
In this we can give have component level authorization..
Where to use this authorization object??
Implement badi ORDER_SAVE, there go for authority-check on the foresaid object..
Use FM CRM_REFOBJ_READ_OW, this gives you what is the ibase, component entered on the CR.. Compare this with that on the Authorization object and give apppropiatate msg raising DO_NOT_SAVE so that he/she is have git allowed to process further..
This authorization check is made on Every SAVE irrespective of status of the CR which means if the person is creating/ changing the CR has to have authorization for that component which means( System)... Isnt this the Best solution ??
i think i have given you more than a hint..
please ask your Abaper to implement this for you..
Please do reward for usefull answer..