Additional Blogs by SAP
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Restricting usage of document status values

Former Member
‎11-19-2014 7:13 PM

Restricting usage of document status values 


To ensure that only certain authorized users are be able to set a certain status values when working with project documentation; the authorization object S_IWB_ATTR can be used.

You can display the details of the authorization objects using transactions SU22 and SU24:

In order that an authorization check for the status is done (by auth. object: S_IWB_ATTR), make sure that this entry is maintained in the transaction SI24_13:

Entity: IWBSOLAR  
Value: IWB_STATE

Now, you can adjust the values of the authorization objects.


The authorization object can found in Knowledge Warehouse authorizations roles e.g. SAP_KM_KW_ADMINISTRATOR.


Copy the authorization role to customer name space and adjust the authorizations. See an example below:

The user with this authorization role will be able to create documents in projects and set the status values determined by the Attribute Value (IWB_PRPVA):

Now, in SOLAR01 and SOLAR02 it will be impossible to set other status values:

If the user attempts to create the document with a different status than allowed by the authorizations, the user will get an authorization error:

However, there is no direct authorization object to block project members to maintain or work with certain document types (defined in SOLAR_PROJECT_ADMIN à Project Standards à Documentation Types).

The restriction is only possible for creating a document. For that, you can use authority object S_IWB_ATTR:

IWB_PRPNAM =  IWB_SOLAR_DOCUTYPE


IWB_PRPVAL = AD (e.g. AD  is the documentation type).

Maintained a new entry in the transaction SI24_13:

And then define the authorization values:

The system will issue and authorization error for a user attempting to create a document type he/she is not authorized:

If you want to restrict access for a group of users to specific document types, you can do this combining the authorizations for the folder group and the project ID. You would need to restrict the following authorization objects:


- S_PROJECT with field PROJECT_ID

- S_IWB and S_IWB_ATTR with field IWB_FLDGRP.

Popular Blog Posts
Top kudoed authors
View all