The attachment authorization control could be implemented with the help of authorization scope.

When you create an attachment via the Attachment button provided in attachment assignment block, you could also assign a given authorization scope for it.

Once the scope is maintained and the attachment is saved, it could never be changed any more.

/wp-content/uploads/2014/02/clipboard1_397415.png

The possible values of authorization scope could be maintained via customizing SPRO->Customer Relationship Management->Transactions->Basic settings->Define Authorization scope for Attachments.

For authorization domain, you should use exactly the same spelling as “ATTACHMENT”, as is defined in constant CL_CRM_SFW_ITSM_SWITCH_CHECK=>gc_auth_domain. And just use SAP predefined class CL_CRM_AUTH_SCOPE_STATIC_CHK.

/wp-content/uploads/2014/02/clipboard2_397416.png

Then you can maintain the authorization scope values:

/wp-content/uploads/2014/02/clipboard3_397417.png

In the runtime, the authorization domain “ATTACHMENT” together with the authorization scope of current attachment will be evaluated by the view controller of attachment assignment block view: if authorization check fails for current user, the attachment being evaluated will not appear in the attachment assignment block.

/wp-content/uploads/2014/02/clipboard4_397418.png

The authorization check is done via check against authorization object CRM_AUTHSC:

/wp-content/uploads/2014/02/clipboard5_397419.png

if you need to view what authorization is granted to your user, you can execute report RSUSR070, specify Authorization Object as CRM_AUTHSC:

/wp-content/uploads/2014/02/clipboard7_397420.png

The report result shows that authorization is included in four roles, double click one of them:

/wp-content/uploads/2014/02/clipboard8_397421.png

click “Authorizations” tab and click display button:

/wp-content/uploads/2014/02/clipboard9_397422.png

Use search function:

/wp-content/uploads/2014/02/clipboard10_397423.png

The result indicates that my user in our dev system has authorization to create, display, change and delete on attachments belonging to any authorization domain & scope.

/wp-content/uploads/2014/02/clipboard11_397424.png

To report this post you need to login first.

Be the first to leave a comment

You must be Logged on to comment or reply to a post.

Leave a Reply