Creating Composite Role in Authorization – ABAP & CDS

Composite role on Authorization object 

Composite Role:

Composite role is a collection of single roles. 

Composite roles are used to simplify the assignment of multiple roles to users. They group several single roles into one, making it easier to manage user authorizations. 

Why we go for a composite role:

Composite roles in SAP are useful for managing user authorizations more efficiently, especially when dealing with complex authorization requirements. 

  • Simplified Role Management. 
  • Consistent Authorization Assignment. 
  • Scalability. 
  • Improved Audit and Compliance. 

When we go for Composite role: 

  • Departmental Role Grouping. 
  • Complex Authorization Structures. 
  • Role segregation and user Roles. 
  • Managing large user groups.

Example: 

Suppose a project has been assigned to a group of people. Each individual may have their own user ID and the authorizations needed to access and finish their tasks. After completing all the tasks, they need to get approval from the team lead. But the team lead may not have any authority to access those tasks. Here we need to create a composite role for accessing those tasks, which were created by different individuals.

Steps to create Composite role. 

Note: Before creating any composite role, the single roles need to be created first.

Single Role on Authorization object 

Step 1: Steps to create the authorization field.

Go to SU20.

Click on the Create Authorization Field node.

Provide the authorization field name and data element.

Click on the "Using search help of data element" radio button.

Click on Save.

Step 2: Steps to create the authorization class.

Go to SU21.

Click on Authorization Object Class.

Provide the authorization object class name and short description.

Click on Save.

Step 3: Steps to create the authorization object.

Go to SU21.

Click on Create Authorization Object.

Provide the authorization object name, short description, authorization class and package name.

Click on Save.

Provide the authorization field name and the standard field ACTVT.

Click on Define permitted values.

Provide the functionalities or activities for that field.

Click on Save.

The object has been saved.

Step 4: Steps to assign the role.

Go to PFCG.

Provide the role name and click on Save.

Click on Create Single Role.

Provide a short description.

Click on Save.

Click on Authorization.

Click on Proposal profile name.

Click on Save.

Click on Change Authorization Data.

Click on Continue.

Click on Do not select templates.

Provide the authorization user credentials or user name.

Click on the Create Manually entry of authorization objects node.

Provide the authorization object name.

Click on Continue.

Expand the authorization class.

Select the authorization field for which you want to provide authorization.

Click on Change.

Provide the values.

Click on Save.

Select the standard field and click on Change.

Provide the activities and click on Save.

Click on Save.

Click on Generate.

Click on Generate.

The profile has been updated.

Click on Back.

Click on the User tab.

Provide the user ID to whom you are providing the authorization.

Click on Save.

Click on User comparison.

Click on Full comparison.

Click on Cancel.

Click on Save.

Steps to assign the composite role:

Go to PFCG.

Provide the composite role name.

Click on the Create Composite Role node.

Provide the short description.

Click on Save.

Click on the Roles tab.

Provide the single roles that you want to include for authorization.

Click on Save.

Click on the User tab.

Provide the user name of the person to whom you are providing authorization.

Click on Save.

Click on User comparison.

The composite role has been created.

Step 7: Steps to check the role.

Go to SU01.

Provide the user name of the person to whom you are providing authorization.

Click on Display.

Click on Role.

Here you can observe the composite roles.

Steps to program.

Go to SE38.

Provide the report program name.

Click on the Create node.

Provide a short description and set the type to executable.

Click on Save.

Write the logic you want to provide.

 

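REPORT zgr_rp_crole_booking.

* Selection screen: booking ID and the activity code to be checked.
PARAMETERS: p_bid TYPE zgr_de_bid,
            p_val TYPE char2.

* Check the current user's authorization against object ZGR_OBJ_1.
* The activity is read from the selection screen here for demonstration;
* a productive program would hard-code the activity it actually performs
* (for example '03' for display) instead of letting the user choose it.
AUTHORITY-CHECK OBJECT 'ZGR_OBJ_1'
  ID 'ZBUS_ID' FIELD p_bid
  ID 'ACTVT'   FIELD p_val.

IF sy-subrc EQ 0.
  " Authorization check passed: read the booking.
  SELECT SINGLE FROM zgr_t_booking
    FIELDS booking_id
    WHERE booking_id = @p_bid
    INTO @DATA(ls_booking).

  IF sy-subrc EQ 0.
    WRITE: ls_booking, 'You are authorized to access'.
  ELSE.
    WRITE: p_bid, 'Please provide valid Booking id'.
  ENDIF.
ELSE.
  " Authorization check failed (sy-subrc is not 0).
  WRITE: 'You are unauthorized to access'.
ENDIF.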

 

 

Check for syntax errors by clicking on Check.

Click on Activate. 

Click on execute. 

Note: More than one single role needs to be created, or already exist, before creating the composite role.

Steps to check the output. 

Positive scenario. 

Negative scenario. 

COMPOSITE ROLE IN CDS VIEW:
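
As an added example (not code from the original post), a CDS view over the zgr_t_booking table and a CDS access control that reuses the ZGR_OBJ_1 authorization object could look like the following. The names ZGR_CDS_BOOKING, ZGRVBOOKING and ZGR_DCL_BOOKING are hypothetical, and fixing ACTVT to '03' (display) is an assumption. The condition is evaluated against the authorizations the user holds from any single role, including those received through the composite role.

```cds
// ---- DDL source (data definition): hypothetical view ZGR_CDS_BOOKING ----
// #CHECK makes the runtime apply the access control defined in the DCL
// source below whenever the view is read with ABAP SQL.
@AbapCatalog.sqlViewName: 'ZGRVBOOKING'
@AccessControl.authorizationCheck: #CHECK
@EndUserText.label: 'Bookings protected by ZGR_OBJ_1'
define view ZGR_CDS_BOOKING
  as select from zgr_t_booking
{
  booking_id
}

// ---- DCL source (access control): hypothetical role ZGR_DCL_BOOKING ----
// A CDS role is not a PFCG role. It is a row filter that is evaluated
// against the PFCG authorizations in the user master record.
// pfcg_auth maps the view field booking_id to the authorization field
// ZBUS_ID of object ZGR_OBJ_1 and requires activity 03 (display).
// Only rows whose booking_id is covered by the user's ZBUS_ID values
// are returned; a user without a matching authorization gets no rows.
@EndUserText.label: 'Access control for ZGR_CDS_BOOKING'
@MappingRole: true
define role ZGR_DCL_BOOKING {
  grant select on ZGR_CDS_BOOKING
    where ( booking_id ) = aspect pfcg_auth( ZGR_OBJ_1, ZBUS_ID, ACTVT = '03' );
}
```

Unlike the report above, no AUTHORITY-CHECK statement is needed in the consuming program: a user without the authorization simply sees an empty result instead of an error message.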

COMPOSITE ROLE IN PARAMETERIZED CDS VIEW:
