Question:
Dear All,
I have developed a report in KE30. Then, I have created
few variants for this report.
Every variant is designed for a particular user.
How can I restrict each variant for the right user.
I could have created 5 reports instead of 5 variants but
I think there need to be a better solution.
Best regards,
Mark
Answer:
You could create 5 user defined transaction codes via SE93 and only add the relevant transaction code to each users authorisation profile.
The KE30 report definition generates ABAP in the background - check the generated program name for your report (system>status from the reports selection screen) - it will look an odd name...something like GP3XSEXQX30OJ0XCKS8D1K70R2L or similar.
Before creating the new transaction codes, you need to ensure that your user specific variants are created/saved as transaction variants (starting with & - eg: &Variant1).
All the above need to exist in your development & integration clients as well as production.
Create Z transaction codes as a "Report & Selection Screen" start object referencing the program & transaction variant.
Add these into the transaction code start authorisation object for each users profile.
It does seem a lot of effort though for not a huge benefit - why not just train the users to select their own variant!
Answer:
Hello !
It does seem a lot of effort though for not a huge benefit - why not just train the users to select their own variant!
I agree. But I can't help it. You see - my boss want me to restrict
users from display values for a given characteristics. In other words:
user-01 > authorisation for access to sells figures for company code 0001
user-02 > authorisation for access to sells figures for company code 0002
So:
variant-1: company-code = 0001
variant-2: company-code = 0002
and then:
user-01: access to variant-1
user-02: access to variant-2
Thank you very much for your reply. It is stupid but they want me
to do this.
Best regards,
Mark
Answer:
If that's the driving requirement, you should check that the users authorisation profile is restricted to their own company code. KE30 does check authorisation object F_BKPF_BUK as standard (have a look in SU24 to see all the authorisation objects that it checks).
If the user is only authorised to view Company 1 and tries to run the report for another company code then they'll not get any data returned in the report.
Answer:
Moved to Security Forum...
_________________
Baz
AsPiRiNg tUlY iDiOt
http://www.catb.org/~esr/faqs/smart-questions.html