
Generic role for Display

Former Member
0 Kudos

All,

I don't think that this is an "issue" but it is definitely something of a convenience problem. Our company has about 50 stores and each of them would have 2-3 generic roles for a generic display login.

I have been asked to create a role in such a way that store A cannot see the inventory / data of store B. Now we can have 50 different roles for 50 stores and change the Store Numbers (Company) in the Authorization Objects (Again, I'm assuming that this would work... not sure though). But this would be cumbersome to create and manage. Besides, each store gets about 3 different roles, which makes it at least 150 roles.

Is there any other way to do this? I hope I'm being clear about what is needed. I need just 1 generic role assigned to all the stores, but they still should not be able to see each other's information.

Thanks,

Kunal

2 REPLIES 2

Former Member
0 Kudos

Hi Kunal,

Putting aside any thoughts of a generic login for the time being (you might want to check your licence terms), there are a few ways that you can achieve this.

Most straightforward would be to use derived roles. Create your 3 master roles and then derive them at the lower level - 1 per company (if your data can be adequately segregated that way - you need to make sure that it can!).

If you are only differentiating on company and there is one company per role then you could script the creation of this pretty easily and populate the org levels using a CATT script (tutorial on sapsecurityonline.com). If you are on ECC6 then to be honest eCATTs will take rather longer to get working for org levels than it would take to build your 150 variants.

You could use the enabler role method (use the search on terms "enabler role" or "value role") but to be honest the reduced number of variants you will need to build is going to be outweighed by the complexity of the solution.

Former Member
0 Kudos

Hi Kunal,

As far as no. of roles is concerned, it all depends on the level and granularity of security approach you want to implement.

Regarding your issue, you can design Parent Roles (2-3 as you said) containing generic authorizations applicable to all. The important point is that they also have Org-Filters with values as *. Now you can create Child Roles using the Parent Role and modifying the Org Filter (Store Code in your case) for each role specific to a Store.

This method may produce an equal no. of roles but it certainly is much easier to manage and customize in future.

I hope that answers your question.
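
The master/derived (parent/child) role design both replies describe, modelled in Python as an added example that is not part of the original posts and is not SAP code. The role names, store codes and user IDs are constructed, the authorization objects are used illustratively, and treating the store code as the WERKS org level is an assumption. It derives one role per master and store, evaluates a display check, and audits for users who were given a master role whose org level is still `*`.

```python
from copy import deepcopy

ORG_FIELDS = {"WERKS"}          # assumption: the store code is the plant/site org level
MASTERS = {                     # hypothetical display-only masters, org level left as "*"
    "Z_STORE_MAT_DISP": [{"object": "M_MATE_WRK", "ACTVT": ["03"], "WERKS": ["*"]}],
    "Z_STORE_INV_DISP": [{"object": "M_MSEG_WMB", "ACTVT": ["03"], "WERKS": ["*"]}],
    "Z_STORE_PO_DISP":  [{"object": "M_BEST_WRK", "ACTVT": ["03"], "WERKS": ["*"]}],
}

def derive(master, store):
    """Copy the master's authorizations; only org-level fields get the store value."""
    auths = deepcopy(MASTERS[master])
    for auth in auths:
        for field in ORG_FIELDS.intersection(auth):
            auth[field] = [store]
    return auths

def build_roles(stores):
    """All masters plus one derived role per (master, store) pair."""
    roles = dict(MASTERS)
    for master in MASTERS:
        for store in stores:
            roles[f"{master}_{store}"] = derive(master, store)
    return roles

def is_authorized(role_names, roles, obj, **wanted):
    """Pass if a single authorization for obj covers every requested field value."""
    for name in role_names:
        for auth in roles[name]:
            if auth["object"] == obj and all(
                "*" in auth.get(f, []) or v in auth.get(f, []) for f, v in wanted.items()
            ):
                return True
    return False

def wildcard_org_assignments(assignments, roles):
    """Audit: users holding any role whose org level is still '*' (sees every store)."""
    return sorted(
        (user, name)
        for user, names in assignments.items()
        for name in names
        if any("*" in auth.get(f, []) for auth in roles[name] for f in ORG_FIELDS)
    )

STORES = [f"S{n:03d}" for n in range(1, 51)]     # constructed store codes
ROLES = build_roles(STORES)
ASSIGNMENTS = {                                   # constructed user-to-role assignments
    "DISP_S001": ["Z_STORE_INV_DISP_S001"],
    "DISP_S002": ["Z_STORE_INV_DISP"],            # master assigned by mistake
}
```

The role count stays at 150 derived roles, but the non-org authorizations are maintained only in the three masters, and the audit catches the one assignment that would break store separation.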