Skip to Content
Author's profile photo Former Member

Restricting usage of document status values

Restricting usage of document status values 

To ensure that only certain authorized users are be able to set a certain status values when working with project documentation; the authorization object S_IWB_ATTR can be used.

You can display the details of the authorization objects using transactions SU22 and SU24:/wp-content/uploads/2014/11/1_589135.jpg

In order that an authorization check for the status is done (by auth. object: S_IWB_ATTR), make sure that this entry is maintained in the transaction SI24_13:/wp-content/uploads/2014/11/2_589181.jpg

Entity: IWBSOLAR  

Now, you can adjust the values of the authorization objects.

The authorization object can found in Knowledge Warehouse authorizations roles e.g. SAP_KM_KW_ADMINISTRATOR.

Copy the authorization role to customer name space and adjust the authorizations. See an example below:


The user with this authorization role will be able to create documents in projects and set the status values determined by the Attribute Value (IWB_PRPVA):


Now, in SOLAR01 and SOLAR02 it will be impossible to set other status values:


If the user attempts to create the document with a different status than allowed by the authorizations, the user will get an authorization error:


However, there is no direct authorization object to block project members to maintain or work with certain document types (defined in SOLAR_PROJECT_ADMIN à Project Standards à Documentation Types).

The restriction is only possible for creating a document. For that, you can use authority object S_IWB_ATTR:


IWB_PRPVAL = AD (e.g. AD  is the documentation type).

Maintained a new entry in the transaction SI24_13:


And then define the authorization values:


The system will issue and authorization error for a user attempting to create a document type he/she is not authorized:


If you want to restrict access for a group of users to specific document types, you can do this combining the authorizations for the folder group and the project ID. You would need to restrict the following authorization objects:


– S_IWB and S_IWB_ATTR with field IWB_FLDGRP.

Assigned Tags

      Be the first to leave a comment
      You must be Logged on to comment or reply to a post.