Composite role on Authorization object
Composite Role:
A composite role is a collection of single roles.
Composite roles are used to simplify the assignment of multiple roles to users. They group several single roles into one, making it easier to manage user authorizations.
Why we use a composite role:
Composite roles in SAP are useful for managing user authorizations more efficiently, especially when dealing with complex authorization requirements.
- Simplified Role Management.
- Consistent Authorization Assignment.
- Scalability.
- Improved Audit and Compliance.
When to use a composite role:
- Departmental Role Grouping.
- Complex Authorization Structures.
- Role segregation and user Roles.
- Managing large user groups.
Example:
Suppose a project has been assigned to a group of people. Each individual may have their own user ID and authorizations to access and finish their tasks. After all tasks are complete, they need approval from the team lead. But the team lead may not have any authorization to access those tasks. Here we need to create a composite role for accessing the tasks created by the different individuals.
Steps to create a composite role.
Note: Before creating any composite role, you first need to create the single roles.
Single Role on Authorization object
Step 1: Steps to create Authorization Field.
Go to SU20.
Click on the create Authorization field node.
Provide the authorization field name and data element.
Click on the "using search help of data element" radio button.
Click on save.
Step 2: Steps to create Authorization class.
Go to SU21.
Click on Authorization Object Class.
Provide authorization object class name and short description.
Click on save.
Step 3: Steps to create Authorization object.
Go to SU21.
Click on Create Authorization object.
Provide authorization object name, Short description, authorization class and package name.
Click on Save.
Provide authorization field name and standard field as ACTVT.
Click on Define permitted values.
Provide the functionalities or activities for that field.
Click on save.
The object has been saved.
Step 4: Steps to Assign Role.
Go to PFCG.
Provide Role name and click on save.
Click on create Single role.
Provide short description.
Click on Save.
Click on Authorization.
Click on Proposal profile name.
Click on save.
Click on Change Authorization Data.
Click on continue.
Click on Do not select templates.
Provide Authorization user credentials or user name.
Click on Create Manually entry of authorization objects node.
Provide Authorization object name.
Click on continue.
Expand the authorization class.
Select the authorization field for which you want to provide authorization.
Click on change.
Provide the values.
Click on save.
Select the Standard field and click on change.
Provide the activities and click on save.
Click on save.
Click on generate.
Click on Generate.
The profile has been updated.
Click on back.
Click on User tab.
Provide the user id to whom you are providing the authorization.
Click on save.
Click on User comparison.
Click on full comparison.
Click on cancel.
Click on Save.
Steps to assign Composite role:
Go to PFCG.
Provide Composite role name.
Click on Create Composite Role node.
Provide the short description.
Click on save.
Click on Roles tab.
Provide the single roles which you want to group for authorization.
Click on save.
Click on user tab.
Provide the username of the person to whom you are providing authorization.
Click on save.
Click on user comparison.
The composite role has been created.
Step 7: Steps to check the role.
Go to SU01.
Provide the user name of the person to whom you are providing authorization.
Click on display.
Click on Role.
Here you can observe the composite roles.
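The SU01 check above confirms that the composite role is assigned. The following report, an added example that is not part of the original page, lists what the composite role actually grants: its single roles (table AGR_AGRS), the values each one carries for an authorization object (AGR_1251), and the users whose assignment is valid today (AGR_USERS). The report name is hypothetical, and the default object ZGR_OBJ_1 is taken from the program on this page.

```abap
REPORT zgr_composite_role_audit. " hypothetical report name

PARAMETERS: p_comp TYPE agr_agrs-agr_name OBLIGATORY,         " composite role
            p_obj  TYPE agr_1251-object DEFAULT 'ZGR_OBJ_1'.  " object from this page

" 1. Single roles grouped in the composite role (AGR_AGRS).
SELECT child_agr
  FROM agr_agrs
  WHERE agr_name = @p_comp
  INTO TABLE @DATA(lt_children).
IF sy-subrc <> 0.
  WRITE: / p_comp, 'is not a composite role or has no single roles.'.
  RETURN.
ENDIF.

" 2. Values each single role carries for the object (AGR_1251).
LOOP AT lt_children INTO DATA(ls_child).
  WRITE: / 'Single role:', ls_child-child_agr.
  SELECT field, low, high
    FROM agr_1251
    WHERE agr_name = @ls_child-child_agr
      AND object   = @p_obj
      AND deleted  = @space
    INTO TABLE @DATA(lt_values).
  IF sy-subrc <> 0.
    WRITE: /3 'No values maintained for', p_obj.
    CONTINUE.
  ENDIF.
  LOOP AT lt_values INTO DATA(ls_value).
    WRITE: /3 ls_value-field, ls_value-low, ls_value-high.
  ENDLOOP.
ENDLOOP.

" 3. Users whose assignment of the composite role is valid today (AGR_USERS).
SELECT uname, from_dat, to_dat
  FROM agr_users
  WHERE agr_name = @p_comp
    AND from_dat <= @sy-datum
    AND to_dat   >= @sy-datum
  INTO TABLE @DATA(lt_users).
IF sy-subrc <> 0.
  WRITE: / 'No user currently holds', p_comp.
ENDIF.
LOOP AT lt_users INTO DATA(ls_user).
  WRITE: / 'User:', ls_user-uname, ls_user-from_dat, ls_user-to_dat.
ENDLOOP.
```

Every user listed in part 3 receives all of the values listed in part 2, so review the combined list whenever a single role is added to the composite role.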
Steps to program.
Go to SE38.
Provide the report program name.
Click on create node.
Provide short description and type as executable type.
Click on save.
Write the logic you want to provide.
" Input: booking ID and the activity (ACTVT) value to check
PARAMETERS: p_bid TYPE zgr_de_bid,
            p_val TYPE char2.

" Check the user's authorization on object ZGR_OBJ_1
AUTHORITY-CHECK OBJECT 'ZGR_OBJ_1'
  ID 'ZBUS_ID' FIELD p_bid
  ID 'ACTVT'   FIELD p_val.

IF sy-subrc EQ 0.
  " Authorized: read the booking
  SELECT SINGLE FROM zgr_t_booking
    FIELDS booking_id
    WHERE booking_id = @p_bid
    INTO @DATA(ls_booking).
  IF sy-subrc EQ 0.
    WRITE: ls_booking, 'You are authorized to access'.
  ELSE.
    WRITE: p_bid, 'Please provide valid Booking id'.
  ENDIF.
ELSE.
  " Authorization check failed
  WRITE: 'You are unauthorized to access'.
ENDIF.
Check for syntax errors by clicking on Check.
Click on Activate.
Click on execute.
Note: More than one single role needs to be created or already exist before creating a composite role.
Steps to check the output.
Positive scenario.
Negative scenario.
COMPOSITE ROLE IN CDS VIEW:
COMPOSITE ROLE IN PARAMETERIZED CDS VIEW: