cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Charm Status Check

Go to solution
Former Member

on ‎02-09-2009 12:47 PM

0 Kudos

Hi

Could anybody explain me the best approach to restrict document change based on user status?

I know that B_USERSTAT is the authorization object to control secutrity.

But I am facing the following situation.

Status Auth key

-

E0001 SDCR_001

E0002 SDCR_002

E0003 SDCR_003

E0004 SDCR_004

I want a user who has SDCR_001 only to allow E0001 actions, but for changing status (SET_STATUS) to E0002, authrization is checked and rejected because the user does not have SDCR_002. (This is technically understandable.....)

For resolving this situation, what settings are most recommended?

BR

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎02-09-2009 12:56 PM
0 Kudos

Usually "actions" are executing methods/programs which can be restricted. But there is no general way to restrict action like it is done for changing a status.

Would be nice to have authorization keys for action definitions but this is not available without additional coding.

Show replies
Show replies
Former Member
‎02-10-2009 5:23 AM
0 Kudos

I found SAP note 1097632 which seems related to my problem.

https://websmp230.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=0001097632&nla...

-

You use authorization checks in Change Request Management.

You want only certain users to have authorization to set the status for a Change Request Management transaction.

Solution

Implement the attached correction instructions.

-

My SolMan has corresponding support package. but what does it mean? Anybody knows?

Answers (2)

Answers (2)

Former Member
‎02-10-2009 7:37 AM
0 Kudos

The auth. key you mentioned is only checked for setting the status. So you need auth. key SDCR_001 to set status to E0001.

The availability of actions is based on a status. In document status E0001 there might be an action which will set status to E0002 if executed. When executing the action system will not check if the user got the appropriate right to perfom the action itself but will check if the user got the auth. to do what the action would do (i.e. setting status to E0002).

So lets say you got different actions like:

a) setting status to E0002

b) logon to a system

c) performing a check for critical objects

d) .....

These actions will be available to anyone who opens the document in change mode.

When one of these actions is executed the user needs the authorization to do what the action will do. Which means the user needs auth. to a) set status to E0002 (which will be checked via key SDCR_001), b) logon to a system (which will be restricted via the availability of the corresponding user in the target system), c) performing a check for critical objects (auth. to perform the report which will check for critical objects will be checked).

There is nothing like:

Action // Auth. Key

"Action 1" // XYZ_001

"Action 2" // XYZ_002

"Action 3" // XYZ_003

Hope this helps a bit.

Regards

Show replies
Show replies
Former Member
‎02-10-2009 5:43 AM
0 Kudos

HI,

USER Authorization

Administrator

SAP_CM_SMAN_ADMINISTRATOR

Change Manager

SAP_CM_SMAN_CHANGE_MANAGER

IT Operator

SAP_CM_SMAN_OPERATOR

Developer

SAP_SOCM_DEVELOPER

Developer Tester Prod. Manager Operator Administrator

Display X X X X X

Create X --- --- --- X

Change --- --- --- --- X

Delete --- --- --- --- X

Run X X X X X

Change status X X X X X

Regards

Sreedhar Reddy

Show replies
Show replies
Ask a Question