cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Prevent deleting documents in Business Blueprint template project

Former Member

on ‎01-22-2009 6:30 PM

0 Kudos

Solman experts,

We have created a template project in our Solman 7.0 SAPKB70016 System. Currently, the users can delete any document that is uploaded to the project in Solar01 - Gen Documentation.

They have the ability to delete the document using the "delete row" button and the "delete document" trash can button.

I want to keep the users from being able to delete any document uploaded to the "Gen documentation" Tab regardless of who created/changed it.

I have looked at other posts, IMG, security guide, help, etc. Everything seems to be centered around the S_IWB authorization object, at least the documentation points to that.

I have also seen other posts/IMG that says to give users the SAP_SOL_KW_DIS and/or SAP_SOLAR01_DIS roles.

I'm not the security guy (I'm basis), but I have looked at the roles/profiles assigned to the average user, and I do see they have S_IWB but with Activity 01 (create or gen), 02 (change), 03 (display), 33 (read), 60 (import), 80 (print), and 95 (unlock).

Do you think these are giving them the ability to delete? or should I ask our security guy to just concentrate on giving them just the authorizations from SAP_SOL_KW_DIS / SAP_SOLAR01_DIS. Am I correct that the S_IWB authorization is key here?

Any guidance would be most appreciated.

Thanks!

Nick

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
‎01-26-2009 8:26 PM
0 Kudos

OK, well no one answered my post, so I had to figure it out on my own

I sent a message to SAP, they said you cannot remove a users' ability to use the "delete row" icon and they said actually that no authorization object controls this.

BUT, if a user does remove a doc this way, the document is still technically in the knowledge warehouse in solman. So you can run report SOLMAN_UNUSED_DOCUMENTS for any user and it'll show you any/all docs for a user who removed via the delete row button. You can view the doc and save it back to you PC and upload again....

Also, there is an icon in the "Gen. Documentation" tab in SOLAR01 that'll show a doc history of who did what and when.

So the best thing to do really, is make sure and remove S_IWB for the trash can, then be ready to retrieve accidentally deleted docs via that doc history icon and report SOLMAN_UNUSED_DOCUMENTS

Edited by: Nick Wells on Jan 26, 2009 10:56 PM

Show replies
Show replies
Former Member
‎01-22-2009 9:24 PM
0 Kudos

Looks like we did have the "delete" function in Auth obj S_IWB. So I had my security person uncheck the 06 (delete) entry and that removed the users' ability to delete a document via the trash can icon.

But they are still able to delete the document via the [-] "delete row" button.

I did an ST01 trace and from the looks of it, the authorization object related to this type of delete is

S_CTS_ADMI CTS_ADMFCT=TABL;

I'm going to do do some research before taking this away from users.

Show replies
Show replies
Ask a Question