Enhancement on Authorization Check of BOPF Framework
The post would share some enhancement solutions for authorization check of BOPF framework. I’m simply opening the subject for experience sharing.
Solution 1.Create the custom authorization check class
The table “/SCMTMS/I_OBM_BO” maintained the authorization check class.
Create a class inherited the super class “/SCMTMS/CL_AC_SUPER”. Maintain the custom class in the table.
Extend the grobal varient “MT_AC_ADM” in method “CONSTRUCTOR” can achieve the enhancement.
Solution 2.Implement the method “EXTEND_AC_ADM”of BAdI “/SCMTMS/AC_BADI”.
Solution 3.Assign the authorization object to the BOPF node.(The solution is available in SAP Business Suite Foundation 7.47 SP03)
Launch transaction BOBX and mark the check box “Business Object has Authorization checks”.
Select the root node and mark the check box “Node has own checks”. The system proposes the library class /BOBF/CL_LIB_AUTHORITY_CHECK.
Assing the authorization object for BO.
The solutions can control the node/subnode authorization base on the fields of node/subnode.
Eg: Manage the display/edit authorization of charge base on the forwarding order type.
Hi Clark,
Thanks for sharing but I was not able to find the transaction BOBX in TM 9.0 box.
~Srinivas Rao.
Hi Srinivas,
The BOBX is only available in SAP Business Suite Foundation 7.47 SP03.
You can use solution 1 or 2.
Regards
Clark Huang
Hi Clark Huang,
I have created Business Object with CD's as draft enabled. I am not Authorization folder in my root note after maintaining the check class /BOBF/CL_LIB_AUTHORITY_CHECK or /BOBF/CL_LIB_AUTHCHECK_W_QUERY. Please find below screenshot.As you mentioned in solution 3 above I am not getting Authorization folder. Please do let me know without Authorization folder also can we check for Authorization in Determination class.
Thanks,
Srinivas.
Hi Srinivas,
The configuration of autoriazation object and mapping is the mandatory for solution 3.
You can try the soluiton 1 for your own BO.
Best Regards
Clark Huang
Dear Clark Huang ,
I was also seeing same issue , mine I am using this for FIORI front end not TM though .
I can able to update the Node attributes with like "NODE HAS OWN CHECKS" under Authorization checks . But I cannot see the Authorization folder as such . Am I missing any other configurations needed? or is any Service Pack issue ?
Screen shot below attached for ref :
appreciate your response and thanks for your time.
Regards,
Raj
Hi Clark,
I have one issue about the DISPLAY authorization for the node entity.
My story is that my user has DISPLAY_OWN authorization, so it can pass the static check for DISPLAY check. But if the entity's creator is not the login user, he cannot display this entity.
In my side, yes, it pass the DISPLAY check in STATIC check method, and failed in the INSTANCE check. My expectation is this entity cannot show up. But it shows, I just cannot do any action for it.
My question is: This is by design or a bug or I missed some implementation?
Best Regards,
Lulu