cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Authorization for document display

Former Member

on ‎04-15-2008 10:36 AM

0 Kudos

HI experts,

We want to control display authorization depending on the entry made in object link. We developed screen for HR master object link. When user executes cv03n and enters document No. system should check hr master number entered in object link. If the user has authorization for that hr master number in PA (personnel administration), then he should be allowed to display the document. Otherwise it should restrict him to display the DIR.

Now my query is how to achieve it. Can anybody provide me some solutions

regards

sham

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
‎04-16-2008 7:18 AM
0 Kudos

Hi

Im not sure if your issue can be resolved with any config, thou code might help you...

However, you can use authorization group available in DIR screen.

for implementing this you need to use a BADI with HR master number.

Fo this prerequisite is to create a transperent table and you can consult your ABAPer in this case..

Niranjan

Let me know if it helps

also if you need any additional info

Show replies
Show replies
Former Member
‎04-16-2008 7:51 AM
0 Kudos

HI,

I have one solution, whenever user enter document number in cv03n screen, system will first check hr master number entered in object link and it will check the Personnel Area, Employee group and employee subgroup aginst this hr master number. Say for ex: PA:1000, EG:1 and ESG:01 for HR number xyz.

Now system should check in roles assigned agaist user id for these PA, EG and ESG values. If user has got authorization for PA:1000, EG:1 and ESG:01 in HR roles,then he should allowed to display the document.

Now my query is how feasible this approach? is this tough task for abaper? or is there any easier approach than this.

regards

sham

christoph_hopf
Advisor
Advisor
‎04-16-2008 8:54 AM
0 Kudos

Hi Sham,

based on the information about your solution I think an easier way would be to implement BADI DOCUMENT_AUTH01 and realise an authorization check which meets exactly your needs.

Here you should be able to create also a checking routine which verifies the entered objects and restrict the users.

Maybe also the standard authorization object C_DRAD_OBJ could be useful for this issue. Please see WIKI page https://www.sdn.sap.com/irj/sdn/wiki?path=/display/plm/caDMS-AuthorizationObjects for more information. I think this would be more easier to realise.

Best regards,

Christoph

P.S.: Please reward points for useful information.

Former Member
‎04-16-2008 10:29 AM
0 Kudos

hello Cris,

thnax for ur quick replay,

Ideally it should follow PA( Personnel Administration) authorization, where set of pepole can acess only set of employee master depending on PA, PSA, EG and ESG.Here also I want same thing, if user has authorization for particular HR master entered in objectlink, then he must be allowed to display document otherwise should restrict him.

regards

sham

christoph_hopf
Advisor
Advisor
‎04-16-2008 11:53 AM
0 Kudos

Hi Sham,

I'm sorry but I do not know any HR authorization objects which could handle this.

Maybe there is some other guy in this forum who can help here. There is also a special HR forum under

Best regards,

Christoph

Ask a Question