cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Nakisa structural authorization is not working in Org Chart hierarchy.

Go to solution
Former Member

on ‎12-15-2014 6:27 AM

0 Kudos

Hi Experts,

We are in Nakisa OrgChart (Version 4.0 SP1). And 4 different roles have been configured in Nakisa and as well as SAP R3.

After assigning the structural profiles to users in R3,In Nakisa OrgChart, Org Unit Listing is working fine, means manager will not be able to search Org Units that are not under the functionality.

Whereas in Nakisa  Org chart hierarchy, initially  his Org unit get defaulted, but when user clicked on “Start chart one level above” icon it is still moving up the level means system is allowing to see other org units which strictly doesn’t need to be accessed by manager.

As Observed, Structural profile is not working in Org chart hierarchy.

Also i have identified nakisa's standard rfc "/NAKISA/OC_OU_STRUCTURE " is not functioning as per structural profiles ...while debugging we came to know that it is calling 4 times when we click on "start chart one level above" icon. enhancing this rfc may be this issue would be resolved but is this correct approach...?

Kdly suggest if any notes are available to fix this issue.

Regards,

Subba.

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

StephenBurr
Active Contributor
‎12-15-2014 10:11 AM
0 Kudos

Some RFCs, such as the one you have highlighted, have import params called

     AUTH_CHECK

By default no value is passed from OrgChart into the RFC for this import para. If you wish auth checks to take place you need to set this value to X when calling the RFC.

The call to "/NAKISA/OC_OU_STRUCTURE" is made from 

     ..\AppResources\dataelementconfiguration\OrgUnitHierarchyDataElement.xml

You will need to add an import param to the list like this:













<importparam>












<param>AUTH_CHECK</param>











<source>DefaultValue</source>











<value>X</value>











<caption><![CDATA[Authorisation checks]]></caption>










</importparam>

The your authorisation checks will apply (based on the auth profile assigned to the user making the RFC call (i.e. if you have put a specific user name in the data connection then this user will be used for all RFC calls.  Remove that user name if you wish to use the user name of the authenticated user who is using OrgChart).

Note: Other data elements will need modifying in similar ways to cover position hierarchy calls, searching and details panels.

Regards,

Stephen

Show replies
Show replies
Former Member
‎12-15-2014 6:40 PM
0 Kudos

We had the same problem and adding the AUTH_CHECK parameter worked for us.

- Is this documented anywhere?

- What about listings and quick search?  Are there similar parameters for those?

Thanks,

Michael

StephenBurr
Active Contributor
‎12-15-2014 6:55 PM
0 Kudos

I don't believe it is clearly documented (either how to do it or that the default is that no auth check takes place!).

Listings you can do in a similar way.

e.g. Position listing uses data element "Position_SearchDataElement.xml" which calls RFC "/NAKISA/OC_POSITION_LISTING" which has import parameter "IW_AUTH_CHECK".

QuickSearch is only about employees and you can't apply a similar method to it as it uses OTF schemas and lots of RFC READ_TABLE calls (which don't take account of auth profiles).  On one project I'm involved in we are using other criteria within the OTF schema to restrict the data that QuickSearch indexes.  That is the only method I can think of to control access but of course this will not restrict data based on the user.

Stephen

Former Member
‎12-20-2014 5:39 AM
0 Kudos

Hi Stephen,

Thank you...!

But when I made changes in specified file. and we had restated server also. but still the issue is not resolved.

StephenBurr
Active Contributor
‎12-22-2014 9:37 AM
0 Kudos

Can you run an RFC Trace from the Admin to ensure the parameter is being set?

Do you have the structural profile assigned to the user being used to run the RFC?

Stephen

Former Member
‎01-06-2015 10:31 AM
0 Kudos

Hi Stephen,

sorry for late reply.

yes ..structural profile has been assigned to user and also it is working in listing. but structural authorization is not working in structures both Org and Position , also i have seen rfc trace and observed RFC "/NAKISA/OC_OU_STRUCTURE" which was called 5 times when i click the buttton "one level above icon".

I have no idea about parameters, please see the RFC TRACE log image below.

Also we have enhanced the above rfc for a temporary solution.

Thanks& Regards,

SUBBA

StephenBurr
Active Contributor
‎01-06-2015 12:53 PM
0 Kudos

Do the trace as you have but then click on each red line to view the import/export parameters for each function call.

Stephen

StephenMillard
Active Contributor
‎01-28-2015 1:48 PM
0 Kudos

Hi Subba.

Did Stephen's instructions reveal any details?

Regards,

Stephen.

Answers (0)

Ask a Question