Hi all,
We've created a BO with authorization checks. Our authorization object has three fields : ACTVT, BO_SERVICE and an extra field VKORG (sales org). In our roles we want to allow our user to perform CRUD operations, but only for specific sales organizations.
For instance:
ACTVT : 01, 02, 03
BO_SERVICE : (blank)
VKORG : XYZ
We thought that this would allow the user to create/change/display instances of our BO for sales organization XYZ. But unfortunately we receive an error that says that we don't have the authorization to create instances of our ROOT.
Apparently the authorization check is executed when we click on the create button in BOBT (or start our FPM application with CHANGE_MODE = C). All the fields of our ROOT are blank at that moment, so the authorization check fails because the user does not have the authorization to create an instance with a blank value for VKORG.
Does this mean that we have to grant all users the ACTVT 01 for a blank VKORG? This doesn't feel right? Instead, we'll create our own version of /BOBF/CL_LIB_AUTHCHECK_W_QUERY to avoid this check.
Or is there another solution to this problem?
Best regards
Liesbeth