In some companies client attaches documents/approvals in any transactional or master data. Any user who have its display or change access can delete or edit this attachment. We can restrict users from deleting or editing attachments in all documents. Please check below process for this.
Run T-Code SU21 and create authorization object with display activity 03 only.
Create object class. If you want to use any existing class please leave this step.
Enter class name and text.
Now create authorization object.
Create only one activity 03 for display.
Run T-Code SE24
Add authorization check. Coding is
AUTHORITY-CHECK OBJECT ‘ZATTACH’ ID ‘ACTVT’ FIELD ’03’.
IF sy-subrc = 0.
on_mode_changed( ‘D’ ). “— For display
Logic is that field 03 is for display in authorization object activities. ‘D’ is an indicator for display mode. You have to assign this object only to those users to whom you want to restrict for editing and deleting attachments. The users without this object can still delete and edit attachments.
Add Zclass in T-Code SGOS
Select VIEW_ATTA in Name of Service. Status Gen. Service should be active and enter Zclass name in class F.GEN.Service field.
Assign authorization object to user and give activity 03. Now test in any attachment list. Edit and delete buttons will be in display mode as you can see in below screen.
Following is the screen shot for the user who has full access and I have not assigned authorization object to this user. So this user can change and edit attachments.
Try this in your system and don’t forget to rate and comment if you find this a helping document.