Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

Restrict reporting in a particular langauge only.

Former Member
0 Kudos

Is there a way by which we can restrict access to a report in local language only?

Requirement : A User in France should be able to execute Report XYZ in French only, a user in Germany should be able to execute the same Report XYZ in German only and so on...

Is there any authorization that can be used to achieve this?

Is it possible to achieve this with 1 user id in the sense that when user logs in local language he/she should will have authorization to that report only but when logs in the system in Standard language like English he/she will have access to other transactions.

Any inputs will be truly appreciated.

13 REPLIES 13

Former Member
0 Kudos

You would need to code in a custom validation & appropriate logic to only output in language = SY-LANGU (system login language). It would also be useful to include a check on an auth object & value to override this.

You would have to apply this to all reports you want to use, not a problem if they are custom reports, much more problematic if they are standard ones.

0 Kudos

Thanks Alex for the response..is there any SAP delivered object to achieve this?

0 Kudos

I think i didn't put my requirement clearly:

Let me simplify.

There is an SAP user XYZ.

If XYZ logs in SAP in German then only Report R1 authorization.

If XYZ logs in SAP in English then other (maintain & data) access is there.

So, for same user id, access is different based on the logon language.

0 Kudos

>

> Thanks Alex for the response..is there any SAP delivered object to achieve this?

No, there is no object for this, to be honest I struggle to see what risk securing this would mitigate.

0 Kudos

>

> I think i didn't put my requirement clearly:

>

> Let me simplify.

>

> There is an SAP user XYZ.

> If XYZ logs in SAP in German then only Report R1 authorization.

> If XYZ logs in SAP in English then other (maintain & data) access is there.

> So, for same user id, access is different based on the logon language.

There is no standard way to do this that I am aware of - someone may know differently.

Why do you want different access based on logon language?

0 Kudos

I agree with Alex. You are trying to use a user specific credetial which is already sent with the logon data, to control security.

Controlling security based on the language of the user might be relevant for documentation translation and stuff like that, but you should not rest your laurels on peoples ability not to learn languages quickly...

Perhaps if you explain the "use case" then it is clearer for us, to be able to comment.

Cheers,

Julius

0 Kudos

Ok..for e.g

There is a User SAP1. This User has following access.

General Ledger - Maintain.----


(1)

SD Billing - Maintain.----


(2)

Report XYZ - Display.----


(3)

When user logs into SAP in English he should have access 1 & 2 only.

When user logs into SAP in German he should have access 3 only.

Right now it appears as if i have to create 2 separate id's to segregate access 1-2 & access 3. I thought if there is way to control access based on logon language then i need not create separate id's.

A Separate question - Is there a way by which we control the logon language of a User?i.e lets say a user can login only in Spanish language.

Thanks for all the responses.

0 Kudos

Unless you add in additional validation then 2 users will be required, though I still fail to see the risk here which this mitigates. If you can tell use the risk then maybe we can offer alternative mitigating controls

For your second question then it would be relatively simple to use user exit SUSR0001 to put in additional validation during the logon process to check for the users ability to log in a certain language. To avoid lookup tables etc one option would be to create a custom auth object e.g. Z_LANGUAGE and you assign users roles with the language they have access for. The code in the user exit does an authority check on this and prevents the user from proceeding unless they have the correct language.

0 Kudos

I still think the requirement behind this is nonesense and language should only be used for presentation and not security. How do you know the users speak both languages or either of them? If you retrieve the languages from HR, then how do you know the user has not worked out how the security works and sent in a fake language certificate, or can maintain their own via ESS? They will most likely do a bad job using the access, and then you will know it... but that is sometimes a bit too late.

I agree with Alex again, although the user exit Alex mentioned is not an elegant option for this requirement, in my opinion.

Equally ugly but also possible would be to not maintain the language elements for those reports, then give the users equal access to them and react to the missing language element upfront by exiting the program raising a "You should have taken language & at school!" message. At least it would work for a while... To avoid a lot of reports using a lot of upfront security on language, you could modularize the check or perform more checks; but still, what understandable security concept is there for the creators of language elements (or translating them) for reports, which would be sustainable and maintainable? Let alone what will follow in the report navigation, unless the reports are useless to use "online".

Sorry, that was 3 cents worth. I don't get it what you want this for.

Cheers,

Julius

PS: Perhaps the requirement is trying to test you? If this is an interview question, then please take note that these forums are NOT intended to be used for interview questions.

Edited by: Julius Bussche on Jun 1, 2008 11:01 PM

0 Kudos

>

> I agree with Alex again, although the user exit Alex mentioned is not an elegant option for this requirement, in my opinion.

You are right, it is a very blunt tool

0 Kudos

I guess the bluntness depends on how you react to it.

Checking sy-subrc is one option.

Checking sy-tabix is another...

Checking sy-langu seems a bit strange to me...

I think it is a trick interview question (just being honest).

0 Kudos

Thanks for all the responses.

Let me clarify that this is not any Interview question and i am well aware of the purpose of this forum. sorry if my question seems ugly and nonsensical..if it does not appear to be worthy of posting on "World's Most intellectual forum" then i apologize..

My question has been answered!!

0 Kudos

Hi SAP Learner

Just my 2p worth - sometimes it is easier to help find a solution if we understand the percieved risk which needs to be addressed. Clients can ask for some odd things at times & it's good to know what their rationale is for it. Also by knowing the risk, alternative recommendations can be made if we have come up against it before.

Cheers

Alex