Show TOC

Procedure documentationMaintain Interface- and Key-Field-Specific Authorizations Locate this document in the navigation structure

Procedure

Using the Customizing of the SAP Application Interface Framework, you have the possibility to set up interface- and key-field-specific authorizations. This lets you specify authorizations on the basis of a single message’s content. Assume, for example, that a data message includes a plant and a business system identifier. A business user is responsible only for a specific plant / business system combination, so they should only be allowed to display and/or change messages for the specific combination that is relevant to them.

To achieve this behavior, you have to do two things:

  1. Specify the fields that are relevant for authorizations as key fields and include them in a custom single index table.

  2. Create a custom authorization object.

The steps required to define key fields are described in the system documentation of the corresponding Customizing activities. The authorization object needs to fulfill the following requirements:

  • It requires on field called ACTVT

  • The available activities in the ACTVT field must be the same as for the authorization object /AIF/ERR

  • It requires one field for each key field that serves as the basis for the authorization.

Given that information, you can now define the key fields, create the authorization object, assign the authorization object to an interface, and link the key fields to the fields of the authorization object. For more information, see Maintain Users and Recipients.