Authorizations in Customize

Sebastian Schweer

Hallo Everybody,

 

i designed a lot of Customize Rules and now want to control the Authorizations within the Customize Rule.

 

Something like:

 

if(oUser.getCurrentUser is not in Rule)

{ then exit;}

 

Therefore i create a new Authorization Rule about "Administration -> System Initialisation -> Authorizations -> Additional Authorisation Creator".

Then i have a new Authorisation Rule, which i can easily manager which the General Authorizations for every User in B1.

 

Can anybody told me, how i can get acces to theese Information with Customize, so i can use it in my C-Sharp code and so i can check if anybody could open my Customize Rule.

 

Best Regards,

 

Sebastian

Heiko Merz

Hello Sebastian,

 

you can use the authorisations in each coresuite customize rule, the last column.

 

That works with the standard SAP authorisations.

 

If you grant access to a rule to Group 1 there, then you go to standard SAP authorisations, go to user authorisations (bottom) - coresuite customize, then you give no access to all users where this rule shouldn't work and full access to all users where this rule should work, then it should give you the result you're looking for.

 

I did that several times, and it's a good function - a little bit difficult to understand, but once you have it, it's ok.

 

Kind regards,

Heiko

Sebastian Schweer

Hallo Heiko,

 

thank you, for your reply. I know, that there is a Role Conept in the last Column of Customize. But we don't want to use that. We want to use the General Authorizations Concept and to check these in the Code by C#.

 

Best Regards,

 

Sebastian

Anders Olsson

Hi Sebastian,

You could do something like this: In the Global code, add a method that accepts a userid and checks whether that user is authorised or not
(The authorisation rule is called CustomizeRule):

public bool IsUserAuthorized(int userId)
{
    const string AUTH_QUERY = @"SELECT COUNT(*)
                                FROM OUSR
                                LEFT JOIN USR3 ON USR3.UserLink = OUSR.USERID
                                WHERE OUSR.USERID = {0} AND (OUSR.SuperUser = 'Y' OR (USR3.PermId = 'CustomizeRule' AND USR3.Permission = 'F'))";

    bool isAuthorized = false;

    string query = string.Format(AUTH_QUERY, userId.ToString());

    using (System.Data.SqlClient.SqlDataReader rdr = SwissAddonFramework.B1Connector.GetB1Connector().ExecuteQuery(query))
    {
        if (rdr.Read())
        {
            isAuthorized = (rdr.GetInt32(0) > 0);
        }
    }

    return isAuthorized;
}

Not 100% sure about the query, you might have to adjust it.

 

In your Optimizer rules you can call the global method and exit if not authorised:

if (!IsUserAuthorized(SwissAddonFramework.B1Connector.GetB1Connector().UserId))
    return true;

HTH,
Anders