Solved: Limit Access to SBWP (Business Workplace)???

Former Member · ‎03-13-2009

Hello,

I have a requirement to allow Admins to review workflow entries in their boss's inbox. I've figured out how to do this through a "passive substitution". The next problem I have is that once an admin can view all of their boss's workflow items via SBWP I can't figure out a way to restrict access to only view them. I've toyed with authorizations for about 2-3 hours but can't seem to restrict any basic functionality.

I've given access to SBWP at the S_TCODE level and deactivated all other options but nothing seems to stop full access.

Is there a way to restricts access once some is in SBWP? Such as allow to view or forward items but not execute them?

Any help is appreciated,

Jonathan

Former Member · ‎03-14-2009

HI Jonathan,

If they ony have to view what dont you use some other transaction like SWI5 or SWi1 there are quite a few other transactions for review of workflows.. Try having a look at them they just might be useful

Best Wishes,

CP

Former Member · ‎03-13-2009

Hi,

Please perform trace on the admin id, so that you will come to know the object used for the specific action which you don't want them to do.

Regards,

Gowrinadh

Former Member · ‎03-14-2009

HI Jonathan,

If they ony have to view what dont you use some other transaction like SWI5 or SWi1 there are quite a few other transactions for review of workflows.. Try having a look at them they just might be useful

Best Wishes,

CP

Former Member · ‎03-15-2009

This message was moderated.

Former Member · ‎03-16-2009

CP,

The transaction SWI5 gives me what I need. I appreciate the help.

Jonathan

Former Member · ‎03-20-2009

I thought this solution worked but after testing, it does not. This works well for a workflow that is sitting in someone's inbox, but if that workflow reaches a deadline and gets moved to another inbox, it will not show up via the report. It still shows in the first persons inbox.

I'm trying to create a home-grown transaction to call the function RH_LOCAL_INBOX_GET to pull the information. I set a Parameter ID of 'WID'. I want to use a CALL TRANSACTION 'SWI1' AND SKIP FIRST SCREEN when an item is double-clicked but for some reason I can't get it to work.

Are there any standard function calls or BAPI's that will display the item information from the wi_id value?

- Jonathan

Former Member · ‎04-11-2009

sorry jonathan i am not yet an expert in workflows... best to try it out in the workflow forum, if u havent already...

Former Member · ‎04-13-2009

Hi Jonathan ,

this restriction is possible through the authorization object S_OC_FOLCR . Do not ever add t-code manually in S_TCODE object. Add the t-code SBWP under menu portion of PFCG , this will allow the auth. objects that maintained at su24 level to be added in the role Then go to authorization tab and maintain and restrict field values as per requirement.

Auth. object S_OC_FOLCR will allow you to do the required restrictions.

Regards

Kanti

Former Member · ‎04-14-2009

Kanti,

Thank you for responding. I just took a look at the S_OC_FOLDER option and see 2 options available. " G- Group folder" and "M - Client Folder". I'm not sure how this would restrict others from approving workflows for another employee.

Thanks,

Jonathan