Custom authorization in SQ01 Queries
SQ01 Queries can be very helpful to provide the datas to the user but you can easily loose the control of the authorization.
We will see how we will adapt our Infoset in SQ02 to be able to make an authorization check based on the user input. The example is a simple query to display the material master records especially the costing information.
Let us begin
Create a selection criteria
At first we have to create a selection criteria. This will allow us to easily interact with the user Input. This has also the advantage that this input will be automatically available in all queries using this infoset.
Go to SQ02 and select your infoset.
Then go to extras
And the click on the second tab Selections
In the example we restrict the material master based on the valuation area. You can basically use all fields available in your infoset. It’s important to fill the FOR field as this mention for which field the selection field will used as “Where” criteria in the SQL statement.
Implement our check
For this go to the second tab “Code”. Select the Start-of-selection event
This first check is a global check if the user is at all authorized to display the costing view of the item. On error a blocking message is directly issued.
Then we select all possible plant based on the user selection.
Once we got it we can delete the user input. Then we loop trough the result of our previous select and check the authorization. If the check succeed we add the plant in the selection criteria. The flag is only to issue a small message that the input has been restricted to fulfill the authorization.
Additional hint. It also a good idea to check at end of the loop at least on auth check succees because no authorization will result in an empty selection criteria and empty selection criteria mean select everything.
Here we go. Once this is done all queries build up on this query will restrict the result based on the authorization of the user.
Complete coding attached. .xml is to open in Word .txt is plain text.