Hello Security Gurus -
Before I start with my question - here's a lil background.
We are on EHP7 for SAP ERP 6.0 with release 740 SP level 0004, SAP_UI 740 SP level 0005.
We have a very peculiar requirement for Field level authorizations on SAP UI5. End users will not have access to SAP GUI, they will all logon to SAP via the web browser ONLY (All these screens are developed using the SAP's UI5 technology).
Now the questions is How can we implement field level security in the ABAP back end system that can reflect on the UI front end?
Our approach/idea is to
- Group those similar fields together based on properties/usage and maintain a table with this grouping
- Create a custom Auth object with ACTVT and the FIELD GROUP NAME and control the fields whether they are display or non-display
- Our UI5 team will be able to read this custom object for the user's authorizations and render it on the web front end.
However, with this approach we may end up with a huge table with all the available fields and grouping them together would be a big challenge and a huge maintenance overhead.
Does anyone know if there is a better approach to attain this level of security? Any valuable thoughts,ideas you could share would be highly appreciable.
Thanks for your time
Kiran Kumar