Defining User-Specific Data Filtering (SAP Library

Defining User-Specific Data Filtering

Use

For mobile applications, you can determine which data for an application the respective user can access (read, write, change). This data is filtered and made available to the user on the mobile device.

User-specific data filtering is defined according to the SAP authorization concept, permitting data filtering to be managed with the authorization concept tools. Note that the security guidelines for SAP MI are valid here. For more information, see Users and Roles (BC-SEC-USR) and SAP Authorization Concept.

Prerequisites

● You imported the SyncBO MIAUTH. For information about importing SyncBOs, see Uploading SyncBOs. Do not specify an RFC destination when importing the SyncBO MIAUTH. To check if the SyncBO MIAUTH exists, start transaction merep_sbuilder, enter MIAUTH and choose Display.

Note

You can see SyncBOs such as SyncBO MIAUTH, which are made available with a transport, in table MEREP_810 (transaction SE16). This table also contains the valid transport numbers for performing a migration.

● SyncBO MIAUTH is active. To check this, start transaction merep_sbuilder, enter MIAUTH and choose Environment → SyncBO Profile.

● The ACTIVITY_BACKEND_CHECK_FOR_AUTH flag has been set to true in the MIBACKEND_CHECK table.

Procedure

...

Make sure that the authorization objects are linked to the corresponding mobile application. For each authorization object that is used by the application (see installation guide for the application), a dependency must be maintained in the Mobile Component Descriptor (MCD). If this is not the case, you can create the dependencies in the editor of the Mobile Component Descriptor on the Environment tab page, see Mobile Component Descriptor. Use the following dependencies:

Dependency	Value
DEPENDENCY_TYPE	AUTHOBJECT
DEPENDENCY_NAME	NAME
DEPENDENCY_VALUE	<Name of the authorization object>

Note

If you do not want to use the authorization check using the SyncBO MIAUTH, you can configure the client to not download the SyncBO MIAUTH. To do this, set the parameter MobileEngine.MIAuth.Enabled=false (for more information, see General Parameters for Synchronization).