App Specific Authorization
App specific authorisation can be invoked by the selection of the Authorization Checkbox on the Properties screen in the FAB Workbench.
This selection mandates checks to a FAB delivered authorisation object.
- Authorization Object: /IQX/FAB (SU21)
Allowed activities:01 – Create New Instance
02 – Change Instance
03 – Display Instance
04 – Delete Instance
11 – Workbench create
12 – Workbench edit
13 – Workbench display
Auth Group
Multiple values, free text entry, support wildcard entry patterns eg FI*
- Locations where the authorization checks are implemented :
- FM - /IQX/FAB_GET_DATASET - FAB Get Data (initial values)
AUTHORITY-CHECK OBJECT '/IQX/FAB'
ID 'BEGRU' FIELD iv_authority_grp
ID '/IQX/ACTIV' FIELD '01'. “Create - FM - /IQX/FAB_GET_ELEMENTS - (/IQX/LFAB_SERVICESU09 FAB Get Elements (definition XML))
Authorisation to view any App/
AUTHORITY-CHECK OBJECT '/IQX/FAB'
ID 'BEGRU' FIELD iv_authority_grp
ID '/IQX/ACTIV' FIELD '03'. "Display - FM - /IQX/FAB_POST_FORM_DATA - (/IQX/LFAB_SERVICESU01 FAB_Changeset End (Post Form Data))
Authorisation to change/create App/Form data.
AUTHORITY-CHECK OBJECT '/IQX/FAB'
ID 'BEGRU' FIELD ls_header-auth_group
ID '/IQX/ACTIV' FIELD '02'. "Change - FM - /IQX/FAB_GET_INSTANCE_DATA - (/IQX/LFAB_SERVICESU13 FAB Get Instance Data (saved form data))
Authorisation to view App/Form data.
AUTHORITY-CHECK OBJECT '/IQX/FAB'
ID 'BEGRU' FIELD ls_header-auth_group
ID '/IQX/ACTIV' FIELD '03'. "Display - FM - /IQX/FAB_GET_RELATED_DATA - (/IQX/LFAB_SERVICESU14 FAB Get Related Data (saved one-to-many form data))
Authorisation to view App/Form related data.
AUTHORITY-CHECK OBJECT '/IQX/FAB'
ID 'BEGRU' FIELD ls_header-auth_group
ID '/IQX/ACTIV' FIELD '03'. "Display
- FM - /IQX/FAB_GET_DATASET - FAB Get Data (initial values)
- Authorization Check Points
- Workbench
- First time entry to workbench – Only check access to Tcode /IQX/FAB
- Workbench when re-entering transaction – check “13 – Workbench display” for auth group of last form. If no access to last form then treat as first time access to workbench.
- Workbench when selecting Create New – check “11 – Workbench create” - No check on Auth group.
- Workbench when click change to edit form - check “12 – Workbench edit” for auth group of form.
- Application Access
User when initiating a form instance - i.e. saving first time. Check auth object for “01 – Create New Instance” and auth group access.
Similar for change and Display and delete
- Data Analysis Reports
User when executing any of the data analysis reports will not see data unless they have the “03 – Display Instance”.
- Workbench
Step-by-step guide
Decide if you require form level access control
- Activate the Authorisation in the Properties section of the App in the workbench.
- Maintain the authorisation object /IQX/FAB with the required App access
- Assign the Authorisation object to a Role and then assign to the user as required
Related articles