User Specific Authorization on System Status in CJ20N by using BADI
The Inspiration to write this blog is Typical Business needs as well as Number of Post/Query ( Posted on SCN ) which I had gone through has the same requirement as I have ( require control on system status activation/deactivation – user specific ) but none of them are with proper/best solution.
Multiple user who have the access of PS Objects ( Project Definition/WBS/Network/Network Activity ) but with restriction on Set/Reset System Status to avoid mistakes/to prevent for any unauthorized work.
Typical Matrix is as below,
|System Status / Authority||Project Engineer||Project Manager||Finance Manager|
|TECO – SET||Allowed||Not-Allowed||Not-Allowed|
|TECO – RESET||Not-Allowed||Allowed||Not-Allowed|
|CLOSE – SET||Not-Allowed||Not-Allowed||Allowed|
- SAP has not provided Standard Authorization Objects to Control System Status
- By Using User Status Authorization, we can’t achieve above Requirement.
- ACL (Access control List ) will also not fulfill this requirement.
- Enhancement : CNEX0002 : It has multiple Functional Modules for Project Definition/WBS/ Network Header/ Network Activity etc.., but can’t control Status Authorization. As some point of time by this exit we are able to fetch current status and also throw error message but after getting error message program not stopped and processing for standard code.
So, I tried with BADI and achieved what I want…
- BADI for WBS : WORKBREAKDOWN_UPDATE
- BADI for Network : WORKORDER_UPDATE ( Restrict on Order Type/Order Category of PS As this BADI is common for all order type – e.g. PP, PM etc..)
- BADI for Project Definition : PROJECTDEF_UPDATE
Lets start with Project Definition BADI,
- Z Table need to create which has three column : User ID, Status Code , Tick for ( Activation / Deactivation – As per Requirement )
- We are triggering Error Message on AT_SAVE method.
- For Getting Current Status ( Whichever Tick/Select by User ) we have used function module STATUS_CHANGES_GET.
Same steps need to perform for WBS and Network BADI with change in Functional Module Exporting Parameter ” OBJNR ” .
Lets say Project Engineer can Set TECO but can’t Revert it as per above Matrix. So, User Id of Project Engineer need to maintain in Z Table with this condition as a Pre-requisite, for calling this Authorization check via BADI.
System will not allow to save, So, user have to go back without save.
This code will have same impact on all PS object as per data maintained in Z Table. You can put your own logic to provide Object specific – User specific impact.
You can Customize error message as your need.
I would like to thank my colleague Mr. Meherdip for his contribution on ABAP Part.
Please, let me know if anyone have doubt or I missed something.
Your suggestions are most welcome.
Good & informative blog...