Show TOC

Process documentationSet Up Interface-Specific and Key Field-Specific Authorizations

 

In the SAP Application Interface Framework, you can set up interface-specific and key-field-specific authorizations in Customizing for SAP Application Interface Framework (transaction code AIF/CUST). This enables you to specify authorizations on the basis of a single message’s content. You can assign interface-specific authorizations that allow or deny users certain activities depending on data received by the interface.

Example Example

A data message includes a plant and a business system identifier. A business user is responsible only for a specific combination of a plant and a business system. You should only authorize them to display and change messages for the specific combination that is relevant to them.

End of the example.

Process

  1. You specify the fields that are relevant for authorizations as key fields and include them in a custom single index table. You do this in Customizing for SAP Application Interface Framework under Start of the navigation path Error Handling Next navigation step Interface-Specific Features End of the navigation path.

  2. You create a custom authorization object in Maintain the Authorization Objects (transaction code SU21).

    The authorization object needs to fulfill the following requirements:

    • It requires a field called ACTVT

    • The available activities in the ACTVT field must be the same as for the authorization object /AIF/ERR (see Authorization Objects)

    • It requires one field for each key field that serves as the basis for the authorization.

  3. In Customizing for SAP Application Interface Framework under Start of the navigation path Error Handling Next navigation step Interface-Specific Features End of the navigation path, you assign the authorization object to an interface, you specify a field sequence number, and you link the key fields to the fields of the authorization object.

    Note Note

    When entering a field sequence number, you must enter the corresponding field sequence number from the definition of the key fields.

    End of the note.

Result

You have defined the key fields, created the authorization object, assigned the authorization object to an interface, and linked the key fields to the fields of the authorization object.

Example

Interface-Specific Authorizations

The interface-specific authorization can be used, for example, if you want to specify that users are only able to display or change data if the data was received from a particular business system.

An interface named INTERFACE01 exists. You have two users USER01 and USER02 and the interface can receive data from either SYSTEM01 or SYSTEM02. USER01 is only responsible for data received from SYSTEM01 and USER02 is only responsible for data received form SYSTEM02. The interface-specific authorization is used, for example, to ensure that USER01 is not able to change data received from SYSTEM02.

More Information

For more information, see Maintenance of Users and Recipients.

For more information about the activities in Customizing, see the corresponding Customizing documentation.