cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

BRFPLUS data object Level authorization?

Go to solution
former_member1109645
Participant

on ‎10-29-2014 7:41 AM

0 Kudos


Hi All,

In BRFPLUS

For instance if I have 2 decision tables in an application, and I would like to give authorization for each one to different users?

How can I do that?

I created an application exit class by implementing the interface 'IF_FDT_APPLICATION_SETTINGS', in that

it seems I can use the method authority_check, but How can I restrict the users using that method to access the Decision table?

Another Question?

I am not able to trigger debugging for the class method from BRFPLUSS application?

It seems the code the working but not able to trigger the debugger?

Thanks in advance,

Kannan N

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

christianlechne
Active Contributor
‎10-29-2014 11:51 AM
0 Kudos

Hi Kannan,

you are right. You have to implement an EXIT class implementing the interface IF_FDT_APPLICATION_SETTINGS. Here you have to implement the CLASS-CONSTRUCTOR to set the attribute if_fdt_application_settings~gv_authority_check to  abap_true:

Then you have to implement the method AUTHORITY_CHECK with tze coding you want. You have access to every property of the object that is imported into the method via GUID, so here is one example where I in general restrict the access to a decision table via its GUID (not straightforward implementation, just to show that you have access to the BRF+ object via the API):

You can find further details on that topic in the document

Your second question is not clear to me: What do you want to debug (the generated class of the BRF+ function?) and what do you do to trigger the execution of the BRF+ function (simulation mode in Workbench, call in the backend system ...?)

BR Christian

Show replies
Show replies
former_member1109645
Participant
‎10-31-2014 6:18 AM
0 Kudos

Hi Christian,

Thanks for your reply!

I need to check against the logged in user, to authorize him to change decision table entries.

User A - Should be allowed User B- Should not be allowed.

In the same code I have check sy-uname .or is there any other possibility.

Can it be achieved using FDT_OBJECT authorization object?

Regarding debugging it is fine now . I am able to debug Application Exit class code.

Thanks and regards,

Kannan N

christianlechne
Active Contributor
‎10-31-2014 6:52 AM
0 Kudos

Hi Kannan,

I do not think that the FDT_OBJECT is feasible for your task as you can only specifiy the application, the object type and the activity.

SY-UNAME is an option but from my point of view not the optimal one rom the point of view of future enhancements: If a new user shall have access to one of the decision tables you have to adopt the coding. I would prefer a new authority object for that task where you use e. g. the GUID of the decision table as parameter. This way you can assign that to the user roles which would be a more standard compliant way.

BR Christian

former_member1109645
Participant
‎10-31-2014 8:28 AM
0 Kudos

Thanks Christian!

Will implement and come back if I have queries.

Answers (0)

Ask a Question