Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Authorization variable

Go to solution
Former Member

‎05-23-2008 8:02 PM

0 Kudos

Is it possible to create a role and pass a variable to the authorization data?

I am trying to create a cost center inquiry role that allows an end user access to their own cost center, but to no other cost center. Obviously, this needs to vary for each end user.

Thanks,

Margaret

1 ACCEPTED SOLUTION

Go to solution
Former Member

‎05-28-2008 4:48 PM

0 Kudos

> 

> Is it possible to create a role and pass a variable to the authorization data?  
> 
> I am trying to create a cost center inquiry role that allows an end user access to their own cost center, but to no other cost center.  Obviously, this needs to vary for each end user.
> 
> Thanks,
> 
> Margaret

if you could manage to get your funkies to setup the cost-centers as a hierachy you will not face a probem, you could then access it using the org-levels (something with RESPAREA ...). if you proceed to setup one role and derive as many children as you need for your end-users, you would only have to adjust the org-level to the appropriate hierachy.

8 REPLIES 8

Go to solution
Former Member

‎05-23-2008 10:43 PM

0 Kudos

Hi Margaret,

What system/s do you need this in?

In BW auth variables are a standard feature & you can achieve this without too much trouble.

In R/3 is it much, much harder & involves significant changing of standard code just for the usual transactions. Unless you have £'000s to available then I would not recommend going down this route. I would add to that and say that unless absolutely necessary I would not even consider granular cost centre security. There are enough flaws in the implementation of that part of the auth concept to cause you plenty of headaches!

Often value roles are used in this situation, unfortunately that's a role per cost centre which can be assigned to the user to give just those auths to support the more generic functional role giving the particular transactional access

Go to solution
Former Member

‎05-28-2008 4:48 PM

0 Kudos

> 

> Is it possible to create a role and pass a variable to the authorization data?  
> 
> I am trying to create a cost center inquiry role that allows an end user access to their own cost center, but to no other cost center.  Obviously, this needs to vary for each end user.
> 
> Thanks,
> 
> Margaret

if you could manage to get your funkies to setup the cost-centers as a hierachy you will not face a probem, you could then access it using the org-levels (something with RESPAREA ...). if you proceed to setup one role and derive as many children as you need for your end-users, you would only have to adjust the org-level to the appropriate hierachy.

Go to solution
ChrLid_Swe
Explorer
In response to Former Member

‎08-15-2008 2:05 PM

0 Kudos

Hi,

I just tried to convert the field RESPAREA to an Organizational level field, but it would not work. It would not convert correctly. I received the $ sign in front of it. But the field were never visible under the Org level field button.

Has anyone else experience from this?

(We are running ECC 6.0, SAP BASIS 700)

Thanks!

/Christer

Go to solution
Former Member
In response to Former Member

‎08-15-2008 2:17 PM

0 Kudos

Hi Christer,

Did you use PFCG_ORGFIELD_CREATE (note 323817) and also follow note 698401 for the RESPAREA specific tasks?

I am on ECC6/700 at my current client and set up RESPAREA as Org level OK with the guidance in 698401

Go to solution
ChrLid_Swe
Explorer
In response to Former Member

‎08-18-2008 4:30 PM

0 Kudos

Hi Alex,

Thanks for your answer!

Yes, I did use the standard report PFCG_ORGFIELD_CREATE. But I can't find any reason to SAP note 698401 since everything is looking ok in the table. It looks just the way we want it.

Neither can I see any use of note 565436 since this should be in the system since way back.

Please let me know if you did any magic in table KBEROBJ. It is object K_CCA that is of most importance to us.

By the way there is no trace of field RESPAREA in table AGR_1252. So it is not converted correctly from the report.

Thanks for any additional input!

/Christer

Go to solution
ChrLid_Swe
Explorer
In response to Former Member

‎08-19-2008 10:51 AM

0 Kudos

Alex,

Yes, note 698401 really did solve the problem. I just had to read the note a bit more carefully!!!

For other readers in this forum: You have to enter a new entry in table KBEROBJ, but make sure to leave the first field (Object) empty. This is the trick that makes it work.

Thanks anyway Alex!

/Christer

Go to solution
Former Member
In response to Former Member

‎08-19-2008 11:01 AM

0 Kudos

Hi Christer,

I just saw your earlier post, glad the KBEROBJ tweak worked for you!

Cheers

Alex

Go to solution
Former Member
In response to Former Member

‎08-19-2008 11:47 AM

0 Kudos

Hi,

There are always issues when it comes to reporting within Controlling, and I agree that granular checks are not ideal.

However, there is an exit that could possibly be used to solve some problems around checks for Cost Centres - namely COCCA001.

For example this could be used to add a custom lookup against a table which maps users to cost centres. Although the challenge remains that standard auth checks will still apply.

I would only consider this if the requirement is absolutely necessary and as mentioned in previous posts I would avoid getting into hundreds of roles to control access.

Regards

Edited by: S Morar on Aug 20, 2008 2:14 PM