03-17-2009 9:51 PM
Hi All,
I have an issue, regarding servcies for object button, all users have access to delete documents saved using the u201CServices for Objectsu201D button. I would like to limit who can delete objects like scanned COAs, etc. As you can see several transactions have the u201CServices for Objectsu201D button.
Is there a common security object for the service for objects deletion or does each transaction QA02, CO02, QE01, etc need to have changes to the access?
Please help.
Thank You.
Kind Regards,
CrossFire.
03-17-2009 10:28 PM
As far as I know, it is application (transaction) specific.
Perhaps if you take a look into the S_OC* authorization objects and table SGOSATTR for options to tweak it, and the ability to prevent the user from clearing their object history (as a compensating control), then it will meet your requirement.
Personally, I have only experimented with this - and preventing users from influencing their PIDs is a very tough call.
Plan B is a backup... to restore (and transfer) the objects from.
Cheers,
Julius
Edited by: Julius Bussche on Mar 17, 2009 11:47 PM
SGOSATTR added.
01-20-2010 7:42 AM
I've seen the sapnote 491271 about authorizations for generic object services but there is not solution for realise 4.7.
Anybody knows how to solve this issue in release 4.7?
Thanks