Restricting usage of document status values 

To ensure that only certain authorized users are be able to set a certain status values when working with project documentation; the authorization object S_IWB_ATTR can be used.

You can display the details of the authorization objects using transactions SU22 and SU24:/wp-content/uploads/2014/11/1_589135.jpg

In order that an authorization check for the status is done (by auth. object: S_IWB_ATTR), make sure that this entry is maintained in the transaction SI24_13:/wp-content/uploads/2014/11/2_589181.jpg

Entity: IWBSOLAR  
Value: IWB_STATE

Now, you can adjust the values of the authorization objects.

The authorization object can found in Knowledge Warehouse authorizations roles e.g. SAP_KM_KW_ADMINISTRATOR.

Copy the authorization role to customer name space and adjust the authorizations. See an example below:

/wp-content/uploads/2014/11/3_589182.jpg

The user with this authorization role will be able to create documents in projects and set the status values determined by the Attribute Value (IWB_PRPVA):

/wp-content/uploads/2014/11/4_589190.jpg

Now, in SOLAR01 and SOLAR02 it will be impossible to set other status values:

/wp-content/uploads/2014/11/5_589191.jpg

If the user attempts to create the document with a different status than allowed by the authorizations, the user will get an authorization error:

/wp-content/uploads/2014/11/6_589192.jpg

However, there is no direct authorization object to block project members to maintain or work with certain document types (defined in SOLAR_PROJECT_ADMIN à Project Standards à Documentation Types).

The restriction is only possible for creating a document. For that, you can use authority object S_IWB_ATTR:

IWB_PRPNAM =  IWB_SOLAR_DOCUTYPE

IWB_PRPVAL = AD (e.g. AD  is the documentation type).

Maintained a new entry in the transaction SI24_13:

/wp-content/uploads/2014/11/7_589194.jpg

And then define the authorization values:

/wp-content/uploads/2014/11/8_589204.jpg

The system will issue and authorization error for a user attempting to create a document type he/she is not authorized:

/wp-content/uploads/2014/11/9_589205.jpg

If you want to restrict access for a group of users to specific document types, you can do this combining the authorizations for the folder group and the project ID. You would need to restrict the following authorization objects:

– S_PROJECT with field PROJECT_ID

– S_IWB and S_IWB_ATTR with field IWB_FLDGRP.

To report this post you need to login first.

Be the first to leave a comment

You must be Logged on to comment or reply to a post.

Leave a Reply