Instance Based Authorization

I am trying to find a way to access the instance of a Resource in an AuthorizationProvider
in order to be able to determine if a specific user can access one instance of
that resource.
Example, my Resource is an EntityBean named: TestEntityBean, the code is as follow:
public abstract class TestEntityBean implements EntityBean{
// some defaul methods
public java.lang.Long ejbCreate(Long key, String name) throws CreateException
System.out.println("TestEntityBean.ejbCreate");
setSecurityid(key);
setSecurityname(name);
return getSecurityid();
public abstract Long getSecurityid();
public abstract void setSecurityid(Long securityid);
public abstract String getSecurityname();
public abstract void setSecurityname(String securityname);
public void ejbPostCreate(Long key, String name) throws CreateException {
System.out.println("TestEntityBean.ejbPostCreate");
I am using CMP, and my DB is ORACLE. When my authorization provider intercepts
the request to getSecurityName() I can see:
This defines my resource being used (aka my TestEntityBean and the method) but
how can I find out what is the EntityBean content? i.e. for example how can I
define what is the primary key of this object?
If I am offline, would u have recommendations on how to implement an instance
based authorization model? (ref to articles...?)
Thank you

This is what the AuthorizationProvider named MmlFileAuthorizationProviderImpl gives
me:
MmlFileAuthorizationProviderImpl.isAccessAllowed
subject = Subject:
Principal: user1
Principal: myGroup
Principal: developers
Principal: mySecondGroup
Private Credential: principals=[user1, myGroup, developers, mySecondGrou
p]
roles = Anonymous,writer_user,reader_user,creator_user
resource = type=<ejb>, application=_appsdir_mml_ear, module=tests
ecurity.jar, ejb=TestEntityEJB, method=getSecurityname, methodInterface=Local,
s
ignature={}
direction = ONCE
handler = weblogic.ejb20.internal.DummyContextHandler@1c32369
MmlFileAuthorizationProviderImpl.isAccessAllowed
subject = Subject:
Principal: user1
Principal: myGroup
Principal: developers
Principal: mySecondGroup
Private Credential: principals=[user1, myGroup, developers, mySecondGrou
p]
roles = Anonymous,writer_user,reader_user,creator_user
resource = type=<ejb>, application=_appsdir_mml_ear, module=tests
ecurity.jar, ejb=TestEntityEJB, method=getSecurityname, methodInterface=Local,
s
ignature={}
direction = ONCE
handler = weblogic.ejb20.internal.EJBContextHandler@1372a7a
Resource hashcode: -1318771256
ID: 2145579658558124
Type: <ejb>
Keys[0]: application
Keys[1]: module
Keys[2]: ejb
Keys[3]: method
Keys[4]: methodInterface
Keys[5]: signature
Values[0]: appsdirmml_ear
Values[1]: testsecurity.jar
Values[2]: TestEntityEJB
Values[3]: getSecurityname
Values[4]: Local
Values[5]: {}
Looking for policy for resource(type=<ejb>, application=_appsdir_mml_ear, module
=testsecurity.jar, ejb=TestEntityEJB, method=getSecurityname, methodInterface=Lo
cal, signature={})
I get all the information about the resource ... i.e. which entitybean object
is being used, but I can not have access to nay of the bean onformation, and this
is what I need to enable Instance base Authorization for this bean.
Basically how else can I say:
User Paul can do anyhting with this TestEntityBean being object "123" ?
User Jonh can only read the TestEntityBean "123" but can access and write in all
other bean TestEntityBean ?
Am i making sense? Can anyon help?
"Seyvet" <[email protected]> wrote:
>
I am trying to find a way to access the instance of a Resource in an
AuthorizationProvider
in order to be able to determine if a specific user can access one instance
of
that resource.
Example, my Resource is an EntityBean named: TestEntityBean, the code
is as follow:
public abstract class TestEntityBean implements EntityBean{
// some defaul methods
public java.lang.Long ejbCreate(Long key, String name) throws CreateException
System.out.println("TestEntityBean.ejbCreate");
setSecurityid(key);
setSecurityname(name);
return getSecurityid();
public abstract Long getSecurityid();
public abstract void setSecurityid(Long securityid);
public abstract String getSecurityname();
public abstract void setSecurityname(String securityname);
public void ejbPostCreate(Long key, String name) throws CreateException
System.out.println("TestEntityBean.ejbPostCreate");
I am using CMP, and my DB is ORACLE. When my authorization provider
intercepts
the request to getSecurityName() I can see:
This defines my resource being used (aka my TestEntityBean and the method)
but
how can I find out what is the EntityBean content? i.e. for example how
can I
define what is the primary key of this object?
If I am offline, would u have recommendations on how to implement an
instance
based authorization model? (ref to articles...?)
Thank you

Similar Messages

  • Row-/instance-based authorization

    Hi,
    I'm looking for ways to implement row-/instance-based authorization using Toplink 9.0.4+ and Oracle DB 9.204. The domain objects are represented by standard Java objects (POJO's) not entity-beans.
    My question: what are well-know working approaches to implement this? How did you do that in a project using Toplink and POJO's?
    I guess Label security/Virtual Private Databases would be interesting to consider. But I wonder if it's possible to use that with Toplink. Issues that I see right now:
    - how to propagate the credentials of the user to the database and still use connectionpooling?
    - can Toplink generally make use of Label Security
    Another approach would be to implement a JAAS extension following the lines of the article "Extending JAAS for class-instance authorization" http://www-106.ibm.com/developerworks/java/library/j-jaas/
    I expect this can easily result in a separate query per object. Which probably results in atrocious performance.
    Or this could be implemented by an aspect. But still this would probably necessitate n+1 queries for n objects. In other words: this would still let the appserver do the constraining of results while that is right task for the database of course.
    Your comments and advice are highly appreciated,
    Joost de Vries
    the Netherlands

    The main decision to make is whether to handle the instance level security in the application, or the database.
    As you mentioned there are many ways to handle security in the application.
    Oracle database supports VPD and OLS for row level security. The TopLink 10g 10.0.3 preview has added support for this refer to:
    http://otn.oracle.com/products/ias/toplink/preview/index.html

  • Resource Based Authorization sample program and application

    Recently i have studied about the types of authorization and i also did some samples for role based authorization. Now i am looking for Resource based authorization, the sad thing is that i could not able to understand the concept.
    So i am looking for the sample application and C# program. 
    I just want to know the concept of resource based authorization and also the sample application file and c# coding file.
    Please provide me the sample.
    Thanks in Advance. 

    Hi,
    Technet forums are dedicated by technologies. Since you are more looking for concept, you should check for blogs on the Internet (try google...).
    Otherwise please refer to TechNet forums homepage and look for your technology (C# for instance).
    Hope this helps.
    Guillaume Rouyre - MBA, MCP, MCTS

  • User based authorization to create Purchase Orders out of Purchase Req.?

    Hello,
    I have the following requiment for my client:
    User based authorization to create Purchase Orders out of Purchase Req.?
    I am told the same can be achieved using same standard menu path in IMG/Customizing.
    Please advise with the menu path and detials, Usefull answers will be rewarded.
    Thanks

    Using OMET Function Authorization, you can restrict users to create Purchase orders without Purchase Reqn.
    Using OMET trxn code Create one Function Authorixation Called pr and in General Parameters tab Select the Field Selection and in Possible reference Objects Tab Mark the With ref to Prs check box and save.
    Next, you've got to associate via SU01 
    Click Parameters, insert a new parameter id EFB to the authorization code. 
    Type in Parameters value you want e.g. XX 
    You have to assign the control for ALL the SAP buyers via thier SAP users id.
    Logoff and login again. Then try to create a Purchase Order without a reference.
    From Next time whenever you try to create with out referring PR it will not allow you to Save PO.
    Regards,
    Ashok

  • Custom security JHeadstart 11gTP1 -Use Role-based Authorization is missing

    In JHeadstart 11g TP1 the option Use Role-based Authorization is missing.
    Will this option only be available in de production release of JHeadstart 11g? What is the reason why this is missing? Is it still possible to use CUSTOM authorization in JHeadstart 11g TP1?

    It is not missing.
    If you turn on custom authorization, you can specify your own roles against groups to access them, and use role names in the insert allowed/update allowed and delete allowed expressions.
    Steven Davelaar,
    JHeadstart Team.

  • How to set role based Authorization in JAAS

    how to set role based Authorization in JAAS
    i had user name , password and role in FileLogin
    thanks
    arun .v.

    http://dev2dev.bea.com/pub/a/2003/04/Kemp_Helton.html?page=last

  • Person responsible based Authorization in Projects is not working for me

    Hi,
    Does 'Person responsible' based authorization for WBSE works for the WBS element only, or for the hierarchically sub-ordinate non-WBS objects (meaning Networks, Activities, Materials etc) as well?
    Details:
    (Authorization objects: C_PROJ_VNR and C_PRPS_VNR)
    -- User1 is assigned with role TESTROLE1. This role has the Project manager based WBS & project authorization objects, with person number 101.
    -- User2 is assigned with role TESTROLE2. This role has the Project manager based WBS & project authorization objects, with person number 102.
    Following sample project is created by a super-user:
    PROJ123 (Details: person responsible - 101)
      WBS-1 (Details: person responsible - 101)
        WBS-1/1 (Details: person responsible - 101)
          NETWORK1
          ACTIVITY11
          MATERIAL111
          MATERIAL112
        WBS-1/2 (Details: person responsible - 102)
          NETWORK2
          ACTIVITY21
          MATERIAL211
          MATERIAL212
    Now the requirement of super-user is that WBS-1/1 and its subordinate elements (Activities, Materials etc) should be editable only by User1. And similarly, WBS-1/2 and its subordinate elements should be editable by User2 only.
    My issue:
    Although WBS-1/1 is not accessible to User2, BUT User2 can edit the subordinate elements (NETWORK1, ACTIVITY11, MATERIAL111, MATERIAL112) of WBS-1/1. I do not want User2 to have edit access to subordinate elements of WBS-1/1.
    Above issue is with User1 for WBS-1/2 as well.
    Hope I am clear in explaining my issue. Can anyone please help me understand the standard authorization concept of Person responsible based roles. I suspect that I am going wrong somewhere but I am not able to identify the problem.
    I want to allow access of a part of project to one user, and another part to some other user. And I do not want to go for an ABAP option if I can do above using basis authorizations.
    (Above mentioned problem is not just with part of projects, but with a complete project as well.)
    Hope to see some quick replies. Thanks in anticipation.

    Thanks for the inputs Sreenivas.
    Are you aware of any authorization objects which can restrict access to Networks, Activities, Material components and Milestones, using 'Person responsible' or any other suitable field? I hope you got what I am looking for.
    Restricting WBSE based on 'Person responsible' without restricting sub-ordinate elements is not much useful according to me. It helps only with simple project structures (having only WBSE) and nothing much. Right?
    Thanks again

  • Time-Based Authorization

    I would like to know if is't posible deploy time-based authorization commands. In order to rescrict the operator modify the configuration router only in windows maintenance. ACS 4.1

    Please refer to this link,
    Setting Default Time-of-Day Access for a User Group
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/user/GrpMgt.html#wp478788
    Regards,
    ~JG
    Do rate helpful posts

  • User based authorization

    I have a question about role based authorization. Guess we have 100 transactions and 100 users. I know we have to create a new role for a new combination of transaction list. Ex: 1,2,3,4,14,15 is RoleA and 1,4,25,34 for RoleB and so on. What will it be If we have a really mixed authorization combination. Guess 15 users use A Role and 20 B Role. But we have a three new user. They mustn't use only two transaction in A Role. Now we came subject of my question. I don't want to create a new role for these users. Is it possible to restrict authorization? As if in same role but restricted to use these transactions. (without abap coding) In a clear expression user based transaction authorization, not role based.

    Hi,
    in my opinion that isn't possible without coding.
    Sorry ;-(
    Regards
    Bernd

  • Can't use role-based authorization

    We can't use role-based authorization because the permissions
    and their assignments change frequently. Is there any alternative
    where we can still use WLS to handle security?

    Dave,
    If you're using WLS6 the console supports dynamic user updates so you could
    change each users configuration as needed.
    Alex
    Dave <[email protected]> wrote in message
    news:3a672c81$[email protected]..
    >
    We can't use role-based authorization because the permissions
    and their assignments change frequently. Is there any alternative
    where we can still use WLS to handle security?

  • Re: Permission-based authorization with JAAS

    Actually, I am struggling on this topic also. Probably someone else could help
    on this. If you only deal with WLS, one solution could be write your own RoleMapper.
    When the RoleMapper is called, the subject/principal should be available, at that
    time you could do DB search to find roles the principal belongs to and return
    all the roles to WLS security manager. WLS take over from there to enforce the
    access control defined in ejb-jar.
    -John
    "Natasha" <[email protected]> wrote:
    >
    That is very helpful, thank you very much, John!
    What about dynamic role definition? Any thoughts on how I should go
    about authorizing
    based on specific permissions a user has? What I need, essentially,
    is to have
    only the relevant parts of a given page visible to a user with certain
    permissions,
    so I want to use JAAS to have a system that would check if the current
    instance
    of Subject is authorized for a particular action.
    Natasha
    "John Zhu" <[email protected]> wrote:
    One thing you could do is to have all the client logs in through JNDI
    lookup API.
    And client's principal will be passed to the bean. Inside the bean's
    method call
    principal.getName() to retrieve the principal. After that you couldsearch
    DB
    to get ACL related to the principal, then enforce the security.
    Principal principal = context.getCallerPrincipal();
    logger.info("The principal name: "+principal.getName());
    [email protected] (Natasha) wrote:
    I need to implement an authorization model in which a user can be
    authorized to view a certain page or a part of a page based on their
    permissions. The trick is that the role definition is dynamic, andI
    can not make a policy file ahead of time. Instead, I would like to
    simply retrieve the users permissions and then allow access (or, say,
    use a jsp tag to check if a certain part of the page should be
    displayed) based of whether the user has the permission required, and
    have a configuration file that defines the access policy by mapping
    actions to permissions. I am trying to figure out whether I can use
    JAAS and the Subject class for this, because all of the examples I
    could find map actions to roles, rather than individual permissions.
    Also, I am confused as to whether or not I would have to implement
    my
    own LoginModule if I need to authenticate against a database, in my
    case, probably via using Weblogic entity beans. Sun tutorial states
    that developers do not need to implement a LoginModule, but I do not
    understand how I can do all that without it. I am using Weblogic 7.0
    and Struts.
    Any help will be greatly appreciated.
    Natasha

    Did u think about implementing your own AuthorizationProvider and using it in your
    security realm. The AuthorizationProvider does the trick of verifying which resource
    is being accessed and who can access it.
    My only problem is that I am unable to find out how to make the Resource know
    what instance it is...
    "Natasha" <[email protected]> wrote:
    >
    I guess I have to see if anyone suggests an alternative, and then decide
    whether
    it is worth adapting JAAS instead of a quick homegrown solution, as it
    seems like
    in our case the biggest reason to adopt JAAS is it being the standard.
    Thank you very much for your help, John!
    Natasha.
    "John Zhu" <[email protected]> wrote:
    Actually, I am struggling on this topic also. Probably someone elsecould
    help
    on this. If you only deal with WLS, one solution could be write your
    own RoleMapper.
    When the RoleMapper is called, the subject/principal should be available,
    at that
    time you could do DB search to find roles the principal belongs to and
    return
    all the roles to WLS security manager. WLS take over from there to enforce
    the
    access control defined in ejb-jar.
    -John
    "Natasha" <[email protected]> wrote:
    That is very helpful, thank you very much, John!
    What about dynamic role definition? Any thoughts on how I should go
    about authorizing
    based on specific permissions a user has? What I need, essentially,
    is to have
    only the relevant parts of a given page visible to a user with certain
    permissions,
    so I want to use JAAS to have a system that would check if the current
    instance
    of Subject is authorized for a particular action.
    Natasha
    "John Zhu" <[email protected]> wrote:
    One thing you could do is to have all the client logs in through JNDI
    lookup API.
    And client's principal will be passed to the bean. Inside the bean's
    method call
    principal.getName() to retrieve the principal. After that you couldsearch
    DB
    to get ACL related to the principal, then enforce the security.
    Principal principal = context.getCallerPrincipal();
    logger.info("The principal name: "+principal.getName());
    [email protected] (Natasha) wrote:
    I need to implement an authorization model in which a user can be
    authorized to view a certain page or a part of a page based on their
    permissions. The trick is that the role definition is dynamic, andI
    can not make a policy file ahead of time. Instead, I would like
    to
    simply retrieve the users permissions and then allow access (or,say,
    use a jsp tag to check if a certain part of the page should be
    displayed) based of whether the user has the permission required,and
    have a configuration file that defines the access policy by mapping
    actions to permissions. I am trying to figure out whether I can
    use
    JAAS and the Subject class for this, because all of the examplesI
    could find map actions to roles, rather than individual permissions.
    Also, I am confused as to whether or not I would have to implementmy
    own LoginModule if I need to authenticate against a database, in
    my
    case, probably via using Weblogic entity beans. Sun tutorial states
    that developers do not need to implement a LoginModule, but I donot
    understand how I can do all that without it. I am using Weblogic7.0
    and Struts.
    Any help will be greatly appreciated.
    Natasha

  • Two IBR instances based on doc type.

    Hi, I've got two IBR instances (11g) on differents machines (one on Unix and the other on Windows), and they works fine with UCM. But what I want is that UCM choose the IBR in order to send documents, and the choice must be based on the de doc type. For example, if it's a MS Office file, I want this document to be sended to Windows IBR. In other case, documents goes to Unix IBR.
    Could this be possible to do?
    Thanks.

    Hi Sai,
    Documents can be viewed and controlled based on document types etc.While you search documents all documents will be displayed.
    If the user doesn't av the authorization for a particular document type when he tries to double click on document it shows an error message as  " No authorization for that document type".
    CV04N:Find documents is a std report where you cannot change it.
    Regards
    Bhanu

  • Instance-level authorization...

    Hi, i'm working on an application using Toplink. We connect to the database using an internal connection pool with a common user/password. We need to filter any results returned to the client based on the requesting user's authorizations, probably using an ACL with privileges, principals, etc. So for instance, a query might return a list of Report objects but the user can only see a subset of the list. This application is not using EJB. Has anyone implemented something like this? i was thinking of either a custom built solution within this application or extending JAAS.
    Any suggestions would be greatly appreciated.
    -Tim Watson

    Yes, without VPD you will need to engineer some way to filter the data at the database level.
    Potentially other Fine Grained Access control is available ( database dependant), or you could create TopLink queries that filter directly based on the user that is executing them. For example you could add an extra field to the selection criteria and provide the user specific value in the row passes to executeQuery
    ReadObjectQuery roQuery = new ReadObjectQuery(IsolatedClass.class);
    ExpressionBuilder builder = roQuery.getExpressionBuilder();
    Expression expression = builder.get("name").equal(builder.getParameter("NAME"));
    expression = expression.and(builder.getField("SEC_ROLE").equal(builder.getParameter("Sec_Role")));
    roQuery.addArgument("NAME");
    roQuery.addArgument("Sec_Role");
    Vector arguments = new Vector(2);
    arguments.set(0, "Bob");
    arguments.set(2, currentUser.getSecurityRole());
    clientSession.executeQuery(roQuery, arguments);--Gordon                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       

  • Using filter in PAPI-WS to search instances based on project variables

    Hi All
    I wanted to search the BPM instances from my external application. Used PAP-WS to do that.
    To be precise, I was using the filterbean, and have set the process scope, status scope, and the variable on which I want to filter.
    However, I noticed that if the variable specified in the filter is a 'project' variable instead of the 'instance' variable for the process, then BPM does not
    search the instances and throws an exception.
    The code works fine if the variable in filterbean is an instance variable in the process.
    Is it possible to search for the processes based on the values of project variables?
    Below is the code snippet and the exception details.
    Code snipppet:
    PapiWebService port = initializePapiWS(participantId); //private method, dont bother about this
    ProcessIdSetBean b = new ProcessIdSetBean();
    List<String> processids = b.getProcessIds();
    processids.add("/MYPROCESS");
    FilterBean fb = new FilterBean();
    SearchScopeBean ssb = new SearchScopeBean();
    ssb.setParticipantScope(ParticipantScope.ALL);
    ssb.setStatusScope(StatusScope.ALL);
    fb.setSearchScope(ssb);
    List<FilterAttributeBean> fabList = fb.getAttributes();
    FilterAttributeBean fab =new FilterAttributeBean();
    fab.setVariableId("messageNo");
    fab.setComparison(Comparison.IS);
    fab.setValue("123");
    fab.setIsParametric(false);
    fabList.add(fab);
    InstanceInfoBeanList iabl = null;
    try{
    iabl = port.processesGetInstancesByFilter(b, fb);
    catch (OperationException_Exception ex)
    Exception:
    An exception occurred while executing a transaction. Details:
    An error occurred while accesing the database.
    Detail:SQL statement: 'unknown'
    Caused by: Syntax error: Encountered "null" at line 1, column 575.
    fuego.transaction.DatabaseException: An error occurred while accesing the database.
    Detail:SQL statement: 'unknown'
         at fuego.server.persistence.jdbc.JdbcProcessInstancePersMgr.getInstancesByFilter(JdbcProcessInstancePersMgr.java:527)
         at fuego.server.persistence.Persistence.getInstancesByFilter(Persistence.java:329)
         at fuego.server.ProcessInstanceManager.getInstancesByFilter(ProcessInstanceManager.java:132)
         at fuego.server.AbstractProcessBean$34.execute(AbstractProcessBean.java:1666)
         at fuego.server.execution.DefaultEngineExecution$AtomicExecutionTA.runTransaction(DefaultEngineExecution.java:304)
         at fuego.transaction.TransactionAction.startBaseTransaction(TransactionAction.java:470)
         at fuego.transaction.TransactionAction.startTransaction(TransactionAction.java:551)
         at fuego.transaction.TransactionAction.start(TransactionAction.java:212)
         at fuego.server.execution.DefaultEngineExecution.executeImmediate(DefaultEngineExecution.java:123)
         at fuego.server.execution.DefaultEngineExecution.executeWithoutComponentImmediate(DefaultEngineExecution.java:199)
         at fuego.server.execution.EngineExecution.executeWithoutComponentImmediate(EngineExecution.java:95)
         at fuego.server.AbstractProcessBean.getInstancesByFilter(AbstractProcessBean.java:1660)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
         at java.lang.reflect.Method.invoke(Unknown Source)
         at fuego.lang.JavaClass.invokeMethod(JavaClass.java:1410)
         at fuego.lang.JavaObject.invoke(JavaObject.java:227)
         at fuego.component.Message.process(Message.java:585)
         at fuego.component.ExecutionThread.processMessage(ExecutionThread.java:780)
         at fuego.component.ExecutionThread.processBatch(ExecutionThread.java:755)
         at fuego.component.ExecutionThread.doProcessBatch(ExecutionThread.java:142)
         at fuego.component.ExecutionThread.doProcessBatch(ExecutionThread.java:134)
         at fuego.fengine.FEngineProcessBean.processBatch(FEngineProcessBean.java:244)
         at fuego.component.ExecutionThread.work(ExecutionThread.java:839)
         at fuego.component.ExecutionThread.run(ExecutionThread.java:408)

    Hi Mikael,
    Thank you for your input. Sorry for my delayed response, I was not alerted that anyone had replied. Anyway, the code you show above, as far as I know, will sort the results by a formula, but not limit results to that formula. For now we've temporarily settled
    on this approach of sorting by distance as this still gives value to the end user. We can also write some JavaScript to display the distance for each item using the longitude and latitude values for each item.
    In my mind that query above needs something similar to "between dates" (i.e. Range) syntax whereas we would need "within a geolocation distance".
    I admit that my knowledge of refiners is not great so I might just need to spend some time with them to understand this all better but at the moment I still don't see how you limit the result set. You could limit the results in JavaScript after the search
    has run (i.e. hide items that aren't within the given distance) but this would break the interaction with the other refiners on the page, especially if they are displaying counts (that are based on the original query). Unless there is an event
    we can hook into and filter the search results as a last step before they (and the refiners) are rendered on the page?
    Thanks for your input,
    James.

  • Table Maintenance - field based authorization.

    Hi,
    I have created a ztable and generated a table maintenance for the same.
    There are a few fields that have to be input enabled or disabled, based on authorization objects; some users should be able to enter values and some, not.
    Need some direction, kindly advise.
    Thanks,
    Sheldon

    Hi Sheldon,
    You can achieve the above mentioned functionality by checking the AUTHORIZATION assigned to the user. You have to check the AUTH OBJECT in the PBO Module and then you have to make the Screen Fields Input enable or disabled.
    But, in the generated screens, you have to do your own module pool programming and you have to do the same in your own set of INCLUDE Programs. The INCLUDE Programs generated by the TMG as READ ONLY and hence you cannot modify them. Also, make sure that you take a complete backup of your code as any change and modification will lead to regeneration of the screens and hence will delete all the user code.
    Hope this helps.
    Thanks,
    Samantak.

Maybe you are looking for

  • Having network printer connection problems using a Macbook Pro

    I hope a "greater mind" can suggest a solution to the following problem: Up until 2 days ago, I was successfully connected to the network printer at my office using both my Macbook Pro at work and at home (both wirelessly, OS 10.6.8). From yesterday,

  • Proper software install order for MS-6341

         What is the proper order for loading chipset drivers, etc. after installing the windows 2000 professional operating system for the MS-6341 motherboard ??      Does the 4 in 1 drivers include everything that has to be install for proper operation

  • Unable to Add Alt Tags to Placed Images

    I am developing a flyer that will be distributed as a PDF, and our requirement is that it be "Section 508" compliant, that is, readable by a screen reader. I am trying to add alt tags to the images in order to meet this requirement, but when I go to

  • IPhoto shut itself without warning, what should I do...

    I just purchase iLife 06, pretty exciting over the propect of a much awaited iPhoto 6. But then I have had some problem with iPhoto 6, when I edit photo in iPhoto 6, it suddenly **** itself down without warning (does not affect other application than

  • I currently own a apple mac OS X version 10.5.8. I have downloaded Adobe Flash Player so many times

    I currently own a apple mac OS X version 10.5.8. I have downloaded Adobe Flash Player so many times now and nothing works, every website just sais I need to download and so on... this is a joke now. I cant  do anything.... but there seems to be no wa