on 04-15-2008 10:36 AM
HI experts,
We want to control display authorization depending on the entry made in object link. We developed screen for HR master object link. When user executes cv03n and enters document No. system should check hr master number entered in object link. If the user has authorization for that hr master number in PA (personnel administration), then he should be allowed to display the document. Otherwise it should restrict him to display the DIR.
Now my query is how to achieve it. Can anybody provide me some solutions
regards
sham
Hi
Im not sure if your issue can be resolved with any config, thou code might help you...
However, you can use authorization group available in DIR screen.
for implementing this you need to use a BADI with HR master number.
Fo this prerequisite is to create a transperent table and you can consult your ABAPer in this case..
Niranjan
Let me know if it helps
also if you need any additional info
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
HI,
I have one solution, whenever user enter document number in cv03n screen, system will first check hr master number entered in object link and it will check the Personnel Area, Employee group and employee subgroup aginst this hr master number. Say for ex: PA:1000, EG:1 and ESG:01 for HR number xyz.
Now system should check in roles assigned agaist user id for these PA, EG and ESG values. If user has got authorization for PA:1000, EG:1 and ESG:01 in HR roles,then he should allowed to display the document.
Now my query is how feasible this approach? is this tough task for abaper? or is there any easier approach than this.
regards
sham
Hi Sham,
based on the information about your solution I think an easier way would be to implement BADI DOCUMENT_AUTH01 and realise an authorization check which meets exactly your needs.
Here you should be able to create also a checking routine which verifies the entered objects and restrict the users.
Maybe also the standard authorization object C_DRAD_OBJ could be useful for this issue. Please see WIKI page https://www.sdn.sap.com/irj/sdn/wiki?path=/display/plm/caDMS-AuthorizationObjects for more information. I think this would be more easier to realise.
Best regards,
Christoph
P.S.: Please reward points for useful information.
hello Cris,
thnax for ur quick replay,
Ideally it should follow PA( Personnel Administration) authorization, where set of pepole can acess only set of employee master depending on PA, PSA, EG and ESG.Here also I want same thing, if user has authorization for particular HR master entered in objectlink, then he must be allowed to display document otherwise should restrict him.
regards
sham
User | Count |
---|---|
108 | |
12 | |
11 | |
6 | |
5 | |
4 | |
3 | |
3 | |
3 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.