Question:
My query runs on an Infoset and based on grants (0GRANT_NBR) which contains sensitive information. Within this query is the role types (0GM_RSPTY) of people involved with the grant.
I want to restrict this query so that the user logged in or running the query can view all information based on the grants where he is the Principal Investigator of the grant(PI is a value in 0GM_RSPTY). He shouldnt see any other grants.
I have made the 2 InfoObjects authorization relevant and using RSSM created the authorization objects.
My problem is how to go about my restrictions in PFCG. As stated above, all I want to do is to restrict the user to view only his grants where he is the PI.
I have thought about using $VAR as a value in PFCG for 0GRANT_NBR with a user exit comparing the user logged in with the PI but I'm not sure if this is the best approach.
Answer:
It is the only approach.
_________________
bwSecurity
Answer:
Another approach is to crate a variable in Bex with the processing type 'user exit' and then restrict the system tothe logged on user when I_STEP=0
What i sthe difference between these 2 approaches and what effect would they both have on the query at runtime?
Answer:
I should have said a user exit is the only approach but there are many ways to use a user exit.
_________________
bwSecurity