Restricting usage of document status values
To ensure that only certain authorized users are be able to set a certain status values when working with project documentation; the authorization object S_IWB_ATTR can be used.
Now, you can adjust the values of the authorization objects.
The authorization object can found in Knowledge Warehouse authorizations roles e.g. SAP_KM_KW_ADMINISTRATOR.
Copy the authorization role to customer name space and adjust the authorizations. See an example below:
The user with this authorization role will be able to create documents in projects and set the status values determined by the Attribute Value (IWB_PRPVA):
Now, in SOLAR01 and SOLAR02 it will be impossible to set other status values:
If the user attempts to create the document with a different status than allowed by the authorizations, the user will get an authorization error:
However, there is no direct authorization object to block project members to maintain or work with certain document types (defined in SOLAR_PROJECT_ADMIN à Project Standards à Documentation Types).
The restriction is only possible for creating a document. For that, you can use authority object S_IWB_ATTR:
IWB_PRPNAM = IWB_SOLAR_DOCUTYPE
IWB_PRPVAL = AD (e.g. AD is the documentation type).
Maintained a new entry in the transaction SI24_13:
And then define the authorization values:
The system will issue and authorization error for a user attempting to create a document type he/she is not authorized:
If you want to restrict access for a group of users to specific document types, you can do this combining the authorizations for the folder group and the project ID. You would need to restrict the following authorization objects:
– S_PROJECT with field PROJECT_ID
– S_IWB and S_IWB_ATTR with field IWB_FLDGRP.