cancel
Showing results for 
Search instead for 
Did you mean: 

User Status control based on user authorisation

Former Member
0 Kudos

Hi Experts,


I would like to know the solution for one scenario, as


I have below numbered User status


10  CRTD

20  ISSUED

30  CLOSE

40  CNCL


and want to control based on authorization, as Person A got authorization to set status from 10 >> 20 >> 30 , but he cant revert back like 30>> 20 >> 10


To reverse back status , he has to contact his manger ( Person B ), who can only set status in reverse way,


I tried controlling this via Authorization key but no luck. 


Please let me know how i can achieve this, or let me know if more information required.


Thanks,

Riyaj




Accepted Solutions (1)

Accepted Solutions (1)

Former Member
0 Kudos

Its not possible to have different authorizations such as Forward Authorization & Backward Authorization control.

As mentioned earlier, you need to think of development to achieve this.

Former Member
0 Kudos

Thanks Maheswaran KD

That means , I have to go with Abap route, which i wanted to avoid, Anyway was checking if any one has implemented this kind of requirement else where.

My Abapers are already working then

Still if any idea , its welcome.

Thanks,

Riyaj

Former Member
0 Kudos

Your requirement without development is not at all possible.

As we have only one Authorization key at user status level, the same user will be allowed to go forward as well as go backward in selecting the specific status.

If system would have had 2 columns as one for forward & another for reverse, then this is very much possible with standard.

Some Weird way of configuration to achieve this requirement.....

Hope, this is the only way, you can achieve this Forward & Backward status movements.

Former Member
0 Kudos

Thanks Maheswaran KD,

Its coincident really i tried ( which you have mentioned ,via putting intermediate status and authorize, now i have to check with business , if they are ok to see these additional statues.

Anyway thanks

Riyaj

Answers (4)

Answers (4)

peter_atkin
Active Contributor
0 Kudos

Riyaj,


Authorisation object B_USERSTAT is checked ONLY for the new status, the system does not perform an authority check on the previous status (see include program LBSVAF0G via SE38).

And there does not appear to be any suitable user-exits/BADIs you can use whilst is the status screens. You could investigate the Enhancement Framework options - talk to your ABAP team.

Otherwise you will need to do a check when saving for example, via user-exit IWO10009 or BADI WORKORDER_UPDATE.

PeteA

Former Member
0 Kudos

Hi Riyaj,

Take a help of your ABAP'er. The procedure may be like this.


1)Create a Z-table where you can maintain USER ID AND ORDER for ex:


USER ID            ORDER

--------------          --------------------

USER-A             INCREASING

USER-B             DECREASING.


When USER-A logs into system and try to change the order, select the ORDER for USER-A(as it is only INCREASING), Check the current order and capture the new order which he has entered.


IF NEW_ORDER > EXISTING ORDER.

     show error message.

ELSE.

     continue with your requirement to proceed further.

ENDIF.

Hope this will resolve your issue.

Thanks

KH


sebastian_lenartowicz
Active Contributor
0 Kudos

Greetings Riyaj,

I'm assuming you know how to set up the roles with auth keys, but feel free to ask the additional questions.

The authorization to a (numbered) User Status with an authorization key is checked only when this status is being set, but not when it is being removed. You might have some luck with your requirement if you add the auth key "MANAGER" to status 10 CRTD (initial status) and the auth key "EMPLOYEE", but that would work with two numbered stati at most. (the trick is that only the manager can "set" the lower status; I'm not sure if it will not be a problem on Order creation though)

I have seen a similar requirement achieved through BADI, check out below with the help of your ABAPer:

                              BADI WORKORDER_UPDATE  Method AT_SAVE, Info. Structure IS_HEADER_DIALOG

Former Member
0 Kudos

Try to create a role based on auth key. Lets say you create auth key 0000001 and assign this to a role for person B, the role the SAP Security team will assign this to a profile ex. PM000003

This should be role mapped to person B in order to make changes. You would need to explain to them the scenario for this role.

Former Member
0 Kudos

Thanks for reply, Chandra,

As i mentioned in my post '


I tried controlling this via Authorization key but no luck. 


so suggested activity is already done,  I need to keep user status control on reversal.


Please read my post please.


Thanks,

Riyaj