Show TOC Start of Content Area

Background documentation Assigning Application-Related Authorization to Client Users  Locate the document in its SAP Library structure

Multiple users can use the same SAP NetWeaver Mobile client. For example, the client has a Sales Order application installed. The client is used by two users, user A and user B. In this application, there are two basic functions: Viewing the sales data and modifying the sales data.

The user authorizations are as follows:

·        User A can only view data

·        User B can view and modify data

For this scenario, you must assign all fields for viewing data to an authorization object (for example, P), and assign all fields for modifying data to a different authorization object (for example, Q).Then you must create two profiles. The first profile, profile A, is created with authorization object P. The second profile, profile B, is created with authorization objects P and Q. You assign profile A to user A and profile B to user B.

Note

You can also assign application-level authorizations to users. Application-level authorizations can be created by defining object classes in the DOE. An object class is a logical combination of the authorization objects.

More information: SAP Authorization Concept

Steps for Application-Related Authorizations

You must follow these steps to enable DOE to recognize the application-related authorizations.

Note

The application related authorizations are supported only by mobile client for laptops. The handheld clients currently do not support the authorization objects.

...

       1.      Create authorization objects in the back end or in the system on which the DOE is installed (transaction SU21).

The authorization objects that you create must depend on the application usage. The application developer uses these authorization objects and develops the application.

       2.      Create roles based on the authorization objects in the back end, or in the system on which the DOE is installed.

More information: Creating Single Roles

       3.      If you want a client device user to be able to access all applications on a client device, assign the SAP_DOE_ALL_APP_VISIBLE role to that user. If you want a client user to access only specific applications on the client, you must assign the S_DOEAPPST authorization object to that user and then assign applications the user is allowed to access.

       4.      Create users for the client in the back end or in the system on which the DOE is installed.

More information: Creating and Maintaining User Master Records

       5.      Assign roles to users in the back end, or in the system on which the DOE is installed.

More information: Assigning Users

       6.      Upload the application to the DOE.

More information: Deploy Mobile Components to Data Orchestration Engine

       7.      Download user details into the User Details data object.

More information: Downloading Details into User-Details Data Object

       8.      Download authorizations into the User Authorization data object.

More information: Downloading Authorizations into User-Authorization Data Object

End of Content Area