1 Reply Latest reply: Apr 7, 2014 9:20 AM by Thorsten Schröder RSS

    Section Access on multiple disjunct fields using Generic Keys

    Thorsten Schröder

      Hello community,

       

      I'm struggling with the following task: I need to create a section access setup using OR combinations. I have gone through the complex authorization blog post and also the pdf on generic keys but I can't apply the info to my needs.

       

      I have three SAP tables GLPCA, BSAD and VBRP.

      GLPCA and VBRP both have two fields called PRCTR (Profitcenter) and VKGRP (SalesGroup). VKGRP represents the individual user on where I want to apply the "most basic" section access.

       

      The problem is that I need to lookup discount values for the VKGRP - but in GLPCA these are booked on a standard PRCTR (3000 or DUMMY) and also don't contain the VKGRP.

      Using BSAD as a lookup-table I can retrieve the discount values from the VBRP table with the REFDOCNR. In VBRP I then have the correct PRCTR and VKGRP for all discount values.

       

      Applying section access only on the VKGRP of GLPCA will make the discount values disappear so now my best guess is to create a

      disjunction between GLPCA.VKGRP and VBRP.VKGRP.

       

      So if I link the NTNAME johndoe to VKGRP 508 he should be able to see all the PRCTRs (and thus including the discount values) where at least one of the two VKGRPs is assigned to 508.

       

      This would be the most basic section access I need.

      Additionally some users are not only restricted by VKGRP but also by GLPCA.RACCT (Account number).

      And then I will also have users that are allowed to see everything but only based on a defined set of PRCTRs (meaning PRCTRs of one or both tables).

       

      Here's how I believe the restrictions need to be:

       

      ACCESS, USERID, PASSWORD, GLPCA.PRCTR, GLPCA.VKGRP, VBRP.PRCTR, VBRP.VKGRP, GLPCA.RAACT
      ADMIN, ADMIN, ADMIN, <ANY>, <ANY>, <ANY>, <ANY>, <ANY>
      USER, john, 1, <ANY>, 508, <ANY>, 508,  <ANY>

      USER, paul, 2, PC3100;PC3400, <ANY>, PC3100;PC3400, <ANY>, <ANY>

      USER, dave, 3, <ANY>, 524, <ANY>, 524, 0050000000;0053040300

      Please see attached qvw for a small sample application or follow this link http://pastebin.com/wdK6pW7N if you can't open the qvw.

       

      I hope that you can give me a better understanding on how to apply the concept based on my example.

       

      Note that I have created a very similar question here: combine tables to create new rows/columns based on logic

      But this might be confusing so please stick to this thread here :-)

       

      Thank you in advance.