SAP Cloud Applications Studio

How to set up access control / define access context


   You can find more specific information about Define Access Control in the documentation at this path: http://help.sap.com/saphelp_byd_studio/fp40/ktp/products/a1s_pdi/devtasks/business_objects/ht_defineaccesscontrol.html

I. Define Access Control for a standard Business Object (Customers) 

Suppose a user should see only specific data: for example, of all Customers, we want the user to see only those that are from the territory UK (United Kingdom).

We log on to the system with a user that has administrator rights.

  • Go to Application and User Management -> Business Users

  • Search for the employee whose access we need to restrict

  • Click on Edit Access Rights

  • Go to Access Restriction. For the Customer's Work Center we have Access Context: 1015 Employee or Territory, which means we can restrict the visible data to a specific territory or employee.

  • Scroll down and select the respective territory; this employee will see all the customers that are assigned to this territory.

  • Save and activate, then log on with this user: only the Customers from the UK territory are visible.

II. Create your own custom Business Object and define access rights for your custom WCVIEW

  • Create your own Business Object with your elements and define an association to CUSTOMERS marked with the annotation [RelevantForAccessControl].

 

    This annotation takes the Access Code List (ACL) from the Customers. This means that we can use an Access Context for our WCVIEW and display only specific data from CUSTOMERS, as explained above (in this case with a custom BO).
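The association from step II, written out as an added example (not taken from the original page or from SAP's documentation). The business object name CustomerNote, its elements and the association name ToCustomer are hypothetical; only the [RelevantForAccessControl] annotation and the association to Customer come from the text.

```bodl
import AP.Common.GDT as apCommonGDT;
import AP.FO.BusinessPartner.Global;   // namespace that contains the standard Customer BO

// Hypothetical custom business object; all names in it are illustrative.
businessobject CustomerNote {

    // Key of the custom object.
    [AlternativeKey] element NoteID : ID;

    // Account number entered on the screens (the Business Partner Internal ID
    // field that gets the standard OVS for Account on the Quick Create).
    element CustomerID : BusinessPartnerInternalID;

    // The annotated association: instances of CustomerNote take over the ACL
    // of the Customer they reference, so Access Context 1015 Employee or
    // Territory can be applied to the work center view of this BO.
    // Assumption: the association has to reference a Customer instance at
    // runtime (for example, set from CustomerID in an event script);
    // an instance without a referenced Customer has no ACL to take over.
    [RelevantForAccessControl] association ToCustomer to Customer;
}
```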

  • Create a Thing-Based UI for this BO
  • Open the WCVIEW that was created and:

        - Select Access Context 1015 Employee or Territory

        - Under Assigned Objects, also add the OWL (Object Work List screen) that was created

        - Authorization Classification Code should be Application Container

Save and Activate.

  • Open the Object Work List screen (OWL)

        - Select Properties and the OWL component and choose Privileged Except Access Controlled Business Object

        - Under Access Controlled Business Object, verify that Unrestricted Access is unmarked for the custom Business Object

        - Go to the Data Model, right-click Queries and create a SADL query

        - Select the list from the OWL Designer for displaying the values, and also mark the parameters that we need in the query

Important

The SADL query replaces the custom query that is used in the documentation.

  • Open the Quick Create screen (QC) and verify that, under Access Controlled Business Object, Unrestricted Access is unmarked for our BO

Save and Activate.

  • Open the Thing Inspector screen (TI) and verify that, under Access Controlled Business Object, Unrestricted Access is unmarked for our BO

Save and Activate.

Please make sure that Unrestricted Access is also unmarked on the Quick View screen.

  • Now log on with a Business User and go to Application and User Management -> Business Users

        - Search for the employee whose access we need to restrict

        - Assign the Work Center with the WCView from our Business Object

  • Go to Access Restriction and find our Work Center View for which we defined the Access Context 1015 Employee or Territory

   Both Read and Write Access will be restricted

  • Scroll down and mark the relevant territory for which we want that user to see values from CUSTOMERS.

    This user will see data for the Customers that are in the Territory United Kingdom (UK); the association that we are using in our Business Object will contain the respective data.

Save and Activate. 

Log off and log on with the user whose access we restricted.

  • On the Quick Create (QC) we have a field whose data type is Business Partner Internal ID, and we have assigned the standard OVS for Account to this field.

       This user sees only data from UK Territory.

Former Member