Key authorizations for Process Management/Solution Documentation in SolMan 7.2 – Overview
You can find detail information on the authorization concept with SAP Solution Manager 7.2 in the
Authorization Concept Security Guide.
This blog describes the most important roles and authorization objects for Process Management / Solution Documentation in SAP Solution Manager 7.2. The Solution Documentation authorization objects and roles used in SAP Solution Manager 7.1 were changed and replaced with new authorization roles and new authorization objects.
Most important authorization objects for Process Management/Solution Documentation in SolMan 7.2
The most important authorization objects (responsible for an access to solution documentation elements, objects and assignments) of the Process Management/Solution Documentation scenarios are:
- SM_SDOC(Solution Documentation) – authorizations for the solution documentation activities (creation of solution/branch/structure/content etc.)
- SM_SDOCADM (Solution Administration) – authorizations for the solution administration activities (creation of the solution landscape, logical component groups, documentation types etc.)
- SM_GAL_GO (Authorization Object for Graphical Component Global Objects)
All objects are contained in the authorization roles SAP_SM_SL_*.
Authorization objects related to Solution Manager documents:
- S_SMDDOC(Solution Manager Document Authorization) – this object restricts the activities that can be done on a document level.
- S_SMDATT(Solution Manager Document Attribute Authorization Object) – this object restricts the usage of attributes for documents.
Both objects are contained in the authorization roles SAP_SM_KW_*.
Most important single roles for Process Management/Solution Documentation in SolMan 7.2
The SAP_SM_SL_* roles contain all relevant authorizations for process documentation.
The most important single roles to work with the Process Management/Solution Documentation applications are:
- SAP_SM_SL_ADMIN (Process Management Administration) – This role provides full authorizations for Solution Administration (transaction SOLADM/SLAN).
- SAP_SM_SL_EDIT (Solution Documentation Edit) – This role allows to edit the solution process documentation (auth. object SM_SDOC) with BPMN (display) and display the solution administration information.
- AP_SM_SL_DISPLAY (Solution Documentation Display) – This role provides you only display authorizations for the Solution Landscape and process documentation in SAP Solution Manager 7.2.
- SAP_SM_KW_* – Those roles contain authorization objects relevant for Solution Manager documents:
- SAP_SM_FIORI_LP_EMBEDDED (Embedded Use of the Fiori Launchpad in SAP Solution Manager) – This role allows you to access the Process Management/Solution Documentation functionalities via the Fiori Launchpad tiles.
- SAP_SMWORK_IMPL – This role is relevant for work center UI navigation. It will make possible to see the tiles in the Fiori Launchpad based on the assigned authorization groups.
- SAP_SUPPDESK_CREATE – This role is used for the key users in the Service Desk scenario in the SAP Solution Manager system. You may need this role if you allow for creations of messages form the Solution Documentation application.
- SAP_SM_TREX_ADMIN – Configuration User Role for TREX ADMIN (SOLMAN_SETUP Transaction).
Composite roles for Process Management/Solution Documentation
SAP delivers the following composite roles for Process Management/Solution Documentation for the different end user functions:
- SAP_SOL_CONFIG_COMP for execution of Process Management in SOLMAN_SETUP (the configuration user)
- SAP_SOL_PM_COMP for Project Management functions
- SAP_SOL_AC_COMP for execution of Application Consultant functions: Application Consultants plan the functional requirements for a project with the Project Manager and then carry out the required configuration tasks in the system.
- SAP_SOL_TC_COMP for execution of Technical Consultant functions – Technical Consultants plan the technical requirements for a project with the Project Manager and the manager of the technical team and then carry out the required technical tasks in the system.
- SAP_SOL_BC_COMP for execution of Basis / Development Consultant functions – Development Consultants work with the project manager and the application consultant on the planning and organization of the authorization concept. They also perform developmental tasks and customer-specific developments.
- SAP_SOL_RO_COMP for a display user – This type of user can only display information.
- SAP_SOL_RE_COMP for read only user – This type of user can read documents (according to the document status).
Hello Former Member,
Thanks for this information.
We are also looking for Folder Base Authorization to restrict user for accessing certain node and Documents. If you can help to generate folder and assign document and authorization. Or any alternative solution. Also do we have "Site" specific authorization and view?
Thanks,
Ashish
Hi,
I have a question.
I only want to restrict one attribute of the document i manually uploaded, can you suggest which is the field activity??
The attribute is the "Document Status", by default it has the values "In Progress, Copy Editing, Review and Released", i have to restrict the user to not Release the Document.
Regards,
Sebastian
Hello,
You can use SAP_SL_KW* role for Document authorization.
You can use below authorization.
Regards,
Ashish
Hi Sebastian
There are 4 status in the Solution documentation: - "In Progress, Copy Editing, Review and Released” How to change the access rights of the document, after change the document status? What the access level of the document when it has status "In Progress"? What the access level of the document when it has status "Review"? What the access level of the document when it has status "Copy Editing"? What the access level of the document when it has status "Released"?Will be file blocked in any of the status?
Hi Ashish,
Thanks and I am fully aware of this Authorization object.
Here is my requirement.
UserA, has the authorizations object S_SMDDOC and Document Status 0RELEASED, 0REVIEW.
Now my requirement is he should not have the access to change the document status from REVIEW to Released
Regards, Sebastian
I was able to get what i wanted,
Case1: UserA, should have the authorizations object S_SMDDOC and Document Status 0RELEASED, 0REVIEW.
Added the object S_SMDDOC twice
Case 2. User should not have the access to change the document status from REVIEW to Released
This can be achieved by the object S_SMDATT
Hope this will be useful for someone else.
Regards, Sebastian
Hi,
I have almost the same need and found the same technical solution than Pikakala Sebastian ; I set the object SM_SDDOC as describe as below.
The need is to “protect” the “released” documents (status = “0released”) againts modification, but to be able to update the others documents (status “in progress” for exemple) in the same folder.
To be able to update the others documents I set auth.object SM_SDOC with activity 02 on my branch/solution
Activity 01, 02, 03
Branch “my branch”
Solution “my solution”
Authorization Area DEFAULT
Authorization Group DEFAULT
The protection works well… but the “released documents” are displayed without informations (doc type, status, sensitivity, priority are empty, and the document name = document type; not the real document name, … see fig2).
fig2 :
1 – I tried the same with the other properties (document type, sensitivity…) the behavior is the same.
2 – I tried to set auth.object SM_SDOC with only activity “03 – Display”; the document name, and properties of a “released” document are displayed… but I do not have the option to update the “in progress” documents.
Pikakala Sebastian : did you have the same behavior from your side ?
Former Member : many thanks for your many helpfull blogs! did you already met this need and this behavior?
Thanks to all people able to help me to fix my problem.
Hello!
Can in Solution Documentation 7.2 replace document templates with other templates of our company? If so, how can this be done?
Thank you!
Es posible agregar un flujo de aprobación para un documento?