Skip to Content

Business Requirement:

In some companies client attaches documents/approvals in any transactional or master data. Any user who have its display or change access can delete or edit this attachment. We can restrict users from deleting or editing attachments in all documents. Please check below process for this.

Run T-Code SU21 and create authorization object with display activity 03 only.

Create object class. If you want to use any existing class please leave this step.

Enter class name and text.

Now create authorization object.

 
 

Create only one activity 03 for display.

Run T-Code SE24

Enter class CL_GOS_SRV_ATTACHMENT_LIST into object type.

Copy standard class into your own Z class and click on green tick/enter. Give you package name and save it in new transport request.

 
 

In the below screen double click on check_status.

Add authorization check. Coding is

AUTHORITY-CHECK OBJECT ‘ZATTACH’ ID ‘ACTVT’ FIELD ’03’.

IF sy-subrc = 0.
on_mode_changed(
‘D’ ). “— For display
ENDIF.

Logic is that field 03 is for display in authorization object activities. ‘D’ is an indicator for display mode. You have to assign this object only to those users to whom you want to restrict for editing and deleting attachments. The users without this object can still delete and edit attachments.

Add Zclass in T-Code SGOS

Select VIEW_ATTA in Name of Service. Status Gen. Service should be active and enter Zclass name in class F.GEN.Service field.

Assign authorization object to user and give activity 03. Now test in any attachment list. Edit and delete buttons will be in display mode as you can see in below screen.

Following is the screen shot for the user who has full access and I have not assigned authorization object to this user. So this user can change and edit attachments.

Try this in your system and don’t forget to rate and comment if you find this a helping document.

Thank$

Moazzam Ali

To report this post you need to login first.

34 Comments

You must be Logged on to comment or reply to a post.

  1. Atif Farooq

    Hi Moazzam:

    Very good document , does this concept apply to other module master data attachments as well ? For example i have attached a document in GMGRANT and i want some users not to be able to delete or edit its contents, is this possible to do so?

    (0) 
    1. ' MoazzaM ' Post author

      Thanks Atif. Yes it applies on all documents. You can test this in any module. Document attachment concept is same for every document and module. So just test this and check whether it works for you too or not πŸ™‚

      (0) 
  2. Former Member

    ” I can not describe your talent “

    but “I can’t give rating for your  Doc ” then what I do, is Just one word is amazing πŸ™‚ .

    Thanks for Sharing my Dear.

    Regards ,

    Naren

    (0) 
  3. Former Member

    Hello MozzaM,

    It is really a good doc and unable to describe your talent.To day i got a new opportunity to learn such a good thing bcz of this doc.Thanks for sharing this and keep sharing your knowledge.

    Regards,

    Lakshmi S

    (0) 
  4. Former Member

    Hello MoazzaM,

    This is a very helpful post, but I was wondering if it is possible to restrict the users from deleting the attachments only after the document has been posted.

    Our scenario is such that, when an user parks a FI document, they should be able to delete or modify the attachments, however once the document gets posted, they should only have the display access to the attachments.

    Thanks,

    Shilpa.

    (0) 
    1. ' MoazzaM ' Post author

      Hi Shilpa

      I am not sure about that but I think it can be done by adding your logic in coding area. Just ask your ABAPER to check that whether he is able to fetch document status information there or not. If he can fetch then it would be easy otherwise we have to see some other workaround.

      I don’t have ABAPER these days so I can’t check this. Its just an idea and you can give it a try.

      Thank$

      (0) 
    1. ' MoazzaM ' Post author

      Hi Stevin Kyaw

      This document is about controlling a button which we use only to delete attachments with a document. This is not about controlling line items in a document. Moreover ME23N is already a display order transaction code and no user can delete any line item in a display Tcode. Right?

      If you have searched this query and you didn’t find any solution then I suggest you to post MM related queries in MM forum here SAP ERP – Logistics Materials Management (SAP MM)

      Thank$

      (0) 
  5. Bakhtiyar Tlepbergenov

    Hi MoazzaM,

    I have aproblem when activating and saving the class – ZCL_GOS_SRV_ATTACHMENT_LIST.


    Class ZCL_GOS_SRV_ATTACHMENT_LIST,Protected section

    Implementation missing for method “CHECK_SUPERTYPES”.

    “CHECK_SUPERTYPES”.

    Please could help me?

    (0) 
  6. Former Member

    Dear Moazzam,

    I came across the same scenario in my organization regarding the disabling of the features of GOS (Generic Object Services) that are being provided in SAP standard. We have exactly the same requirement as of yours and initially I googled for GOS. I found multiple articles over SCN and non-SCN web links. Those were quite helpful for me as I got an idea of how to approach towards our solution. I found various SAP notes regarding the initial and technical understanding of the GOS services i.e. how the services can be amended and how one can built up a new GOS service etc. There I found an SAP note 491271Authorizations for generic object services, solutions have been proposed in it w.r.t the SAP release levels.

    Here is the proposed solution for those who do not have access to SAP Note documentation.

    “. . . . . If you want to provide a service for certain authorizations only, check the SGOSATTR table to see which ABAP OO class implements the service. Create a new subclass, and overwrite the CHECK_STATUS method. Store a separate authorization check here. If this fails, set the service status to inactive. Then enter your new class in SGOSATTR . . . . . .”

    1. I was in the midst of google surfing and suddenly I came across your article. I really appreciate your efforts and found the article quite descriptive and understandable for everyone via snap shots. Since you are a functional SAP SD consultant but after reviewing your article on it, I must say you are a techieee guru as well ;-p as your article is more inclined towards technical than functional J

    Infront of me was your solution and the solution proposed in the above mentioned SAP note. The solution I adopted was the one mentioned in the SAP note. The solution is quite similar or aligned with the one provided in your article but in order to make it more supportive towards the future packages/patches from SAP AG. The defined steps in the said article are;

    1. Copy the standard class into custom Z Class
    2. Modify the method CHECK_STATUS according to your need
    3. Active the Class and Method
    4. Attach the newly created class in SGOSATTR
    5. From now on, GOS services will call the custom class and will do the needful

    Well what I did is that I created a subclass that is inherited from the standard class CL_GOS_SRV_ATTACHMENT_LIST. In that way we can get the entire implementation of the SUPER class and can easily overwrite the CHECK_STATUS method without copying it.

    The Steps are;

    Create a Sub Class and inherit it from the Super Class Named CL_GOS_SRV_ATTACHMENT_LIST.

    /wp-content/uploads/2015/05/image1_704599.png

    In the above mentioned snapshot;

    SuperClass: CL_GOS_SRV_ATTACHMENT_LIST

    SubClass: ZCL_GOS_SUB_SERVICES

    The subclass will inherit all the attributes, methods, events and all of its properties from the superclass. This can be verified from the interface of the newly created subclass and its inherited superclass.

      Navigate to the Methods tab and there you will see the method CHECK_STATUS.

    /wp-content/uploads/2015/05/image2_704601.png

    Here if u saw the Methods that are highlighted in BLUE colour are the ones whose implementation exists in the superclass while the one highlighted as BLACK colour is the one which I overwrote with my implementation to achieve our goal of disabling the GOS services. Initially it would be highlighted as BLUE.

      Select it by simply double clicking on it and implement your logic as mentioned below OR whatever is the respective requirement.


    /wp-content/uploads/2015/05/image3_704602.png


    The Highlighted box contains the call of the original method CHECK_STATUS from its superclass and above this call, contains the user specific development.

    Finally attach this subclass in SGOSATTR.

    Advantages of this approach

    1. This will not create an obstacle/hurdle during SAP future releases
    2. Update package won’t rewrite customized code
    3. The solution is more inclined towards standard than customized
    4. This is exactly the same concept as in SAP Enhancement

    This is another approach towards its refinement and efficiency. Hope users will like it and found it useful for their future developments.

    Regards,

    Muhammad Asad Qureshi

    (0) 
    1. ' MoazzaM ' Post author

      Dear Asad

      Your concern and efforts are highly appreciated. You have spent enough time to analyze and coming up with this new solution which is more reliable and suggested one.

      If you could have updated this document instead of explaining this in comments, that would be nice and easy to search in future as well.

      Thank you once again and like you said I am not an expert in technical area so I believe your findings and R&D is really useful.

      Thank$

      (0) 
      1. Madhu Komaravolu

        Hi

        The process working great when user click dropdown box small triangle as shown below:

        /wp-content/uploads/2016/04/dropdown_931239.jpg

        The issue is when user click on icon directly instead of dropdown

        /wp-content/uploads/2016/04/icon_931245.jpg

        System pop up another box

        /wp-content/uploads/2016/04/popup_931246.jpg

        When user click on any one of active icons in standard system above pop-up will be cleared and other pop-up with appropriate icons.

        After implementing custom class along with SGOS configuration, system not clearing the above shown pop-up automatically.  Users are clicking more than once, then trying to close pop-up system going to ABAP short dump with runtime error SET_HANDLER_FOR_NULL, ABAP Program CL_LIST_BROWSER===========CM008. “__FREE”

        Any help appreciated.

        Thanks

        (0) 
  7. Former Member

    Hey Madhu,

    Am getting the same error…Β SET_HANDLER_FOR_NULL, ABAP Program CL_LIST_BROWSER===========CM008. β€œ__FREE”

    Any luck on this?

     

    Thanks

    (0) 
  8. Peter Nemeth

    Hi

    I would like to add that for the best result, in the SGOS transaction,
    the “Control” and “Commit required” checkboxes should be checked,
    otherwise the authorized users are also not able to save their actions.

    (0) 

Leave a Reply