Role Concept

Restricting Access of User Functions

User functions need not always be linked to mask events. The validity check prior to the execution of a function must therefore be processed at all starting points. Functions can be executed by means of various elements of the user interface. Such elements can either be menu selections (in the Top menu or in a context menu ), buttons in masks or keyboard input. Since individual functions are usually invoked using one of several such elements, access through multiple alternative Access routes must also be consistently protected.

The following table contains an example of a protected selection for a menu:

Selection Text Userexit Parameters
EDB-BOM-COP-STR Copy with structure xcpy-str sel

In order to protect this selection by way of a role concept, all userexit calls must be rerouted. To this end, the general userexit TASK replaces the original userexit call. A TASK parameter transfers a reference to the central task table T_TSK_DAT. This task table represents the actual task definition with regard to the access rule to be applied and the actual userexit.

Selection Text Userexit Parameters
EDB-BOM-COP-STR Copy with structure TASK EDB-ART-CPY

Table T_TSK_DAT:

EDB_ID EDB_MEMO CHECK_RULE ACT_LIST
EDB-ART-CPY Copy item   xcpy_str (sel)

This method can also be used for the protection of fields or whole masks and menus or to enable/disable fields and selections.