
Archive Link problem (Authorization for Service for Object)

Former Member
0 Kudos

Hi Experts,

Currently I am facing a problem with ArchiveLink: after attaching documents through Tr. OAWD, these documents are available in Service for Object as attachments. Up to this point it is working fine.

But after that, users who are not authorized can delete or see confidential documents attached with Tr. such as PA20 or PA30. Is there any authorization available while using ArchiveLink that restricts users who are not authorized from deleting or viewing confidential documents?

I need help with example code or screenshots in case of an enhancement.

Thanks in advance....

Accepted Solutions (1)


Former Member
0 Kudos

Hi,

ArchiveLink has two standard roles:

SAP_BC_SRV_ARL_ADMIN

SAP_BC_SRV_ARL_USER

You can maintain roles under the SAP menu: ArchiveLink Administration > Administration > SAP ArchiveLink Monitoring --> Role Maintenance.

Also:

Tools --> Administration > User Maintenance > Role Administration -> Roles.

There are three authorization objects for business object types and ABAP program names.

'S_WFAR_OBJ', 'S_WFAR_RED': in both of these authorization objects you have the activities defined for read, delete, etc.

'S_WFAR_PRI'

Check these authorization objects. Maybe with these authorization objects you can restrict the unauthorized users.

Independent of the current SAP application authorization, SAP ArchiveLink checks the general authorizations for accessing image documents.

Also check system note no. 199089.

regards,

Kavitha

Former Member
0 Kudos

Hi,

The authorization objects or roles you have mentioned are related to ArchiveLink, and I think you have not understood my query properly.

Actually, the user doesn't have any problem while using ArchiveLink; my only concern is that I don't want unauthorized users to access/delete documents attached with Service for Object, while other authorised users can access/delete documents attached in Tr. codes PA20 or PA30.

So I need authorization objects related to Service for Object for Read/Delete activity only.

Anyway, thanks for your help.

thx..

Former Member
0 Kudos

The object you need is S_WFAR_OBJ.

This allows you to control who can delete by object and document type.

Former Member
0 Kudos

Ok,

I will check with this authorization object and try to resolve the issue.

Anyway, thanks...

Former Member
0 Kudos

Hi Athol,

The authorisation object "S_WFAR_OBJ" is not the object I am looking for, as an unauthorized user can still access/delete documents attached with Service for Object which are linked from Tr. OAAD or OAWD.

Again, I am repeating my query: actually, the user doesn't have any problem while using ArchiveLink; my only concern is that I don't want an unauthorized user to access/delete documents which he sees in Service for Object in Tr. codes PA20 or PA30. Those documents are linked from ArchiveLink.

So I need an authorization object related to documents we access from Service for Object which we attached from ArchiveLink.

Any suggestions from ArchiveLink experts?

thanks..

Former Member
0 Kudos

If it's any ArchiveLink document, then S_WFAR_OBJ would be your object.

This leads me to believe one of the following:

a) the user already has this authorisation object in another role in their profile

b) the document they are deleting is not an ArchiveLink object but a general attachment stored using generic object services.

S_WFAR_OBJ allows you to limit the object by ArchiveLink document type, ArchiveLink object type (i.e. prel) and method (create, delete, etc.).

Answers (2)


Former Member
0 Kudos

resolved

Former Member
0 Kudos

Hi Sam,

May I ask how you solved the issue? We are facing the same problem, and users can see files from PA20, PA30 of different users.

Thanks a lot.

Former Member
0 Kudos

Hi Sam,

May I ask how you solved the issue?

Could you please share the solution applied?

We are facing the same problem where users can see and edit files from PA20, PA30 of different users.

Thank you in advance.

Best regards,

Former Member
0 Kudos

Hi,

I also have the same problem: my requirement is to not show attachments on PA20 for some users.

May I ask how you solved the issue?

Thanks

sasmita_mekap
Advisor
0 Kudos

Hi Gi,

If it is for ArchiveLink document access, then you can restrict users by maintaining authorization object S_WFAR_OBJ for them accordingly.

The authorization object S_WFAR_OBJ consists of the following four fields:

---> OAARCHIV: SAP ArchiveLink archive ID

This field is used to check the access authorization for particular physical archives. These archives need to be maintained.

---> OAOBJEKTE: Object type

The access authorization can be differentiated according to the object types which are maintained. An application-specific access to documents can be controlled via the object types. All object types which have been maintained can be used.

---> OADOKUMENT: SAP ArchiveLink document type of the archived document

This authorization field can be used to check access to document types. All global document types are permitted.

---> ACTVT: Activity

This authorization field can be used to define particular access modes to archived documents. The following activities apply:

  • 01 : Create
  • 02 : Change
  • 03 : Display
    When an archived document is displayed from an application transaction, the authorization checks are performed by the application transaction. The applications can decide whether the authorizations required for this application transaction also authorize the person involved to display archived documents or whether the SAP ArchiveLink authorization check also applies.
  • 04 : Print
  • 06 : Delete
  • 70 : Administration

Just as an example below:

| Field | Values |
|---|---|
| OAARCHIV | A1 |
| OAOBJEKTE | BKPF |
| OADOKUMENT | * |
| ACTVT | 01, 03, 04 |

The user can display, print and generate (that is, archive) all document types of object type BKPF which have been, or are to be, archived in archive A1.

Of the R/3 authorization objects provided by SAP, only the activity (ACTVT) is assigned a value. The other fields can be set by system administration as required.

Thanks and Regards,

Sasmita
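The four-field check described above, together with the earlier point in this thread that another role in the user's profile may already carry S_WFAR_OBJ, can be reproduced with a small model. This is an added example, not part of any post here and not SAP code; the role names and the document types ZHRCONF and ZHRPUB1 are constructed, and only exact values and trailing-`*` patterns are modelled.

```python
# Added illustration: simplified model of how S_WFAR_OBJ is evaluated.
# Not SAP code. Role names and document types are constructed samples.
FIELDS = ("OAARCHIV", "OAOBJEKTE", "OADOKUMENT", "ACTVT")

ROLES = {  # role -> list of S_WFAR_OBJ authorizations (field -> values)
    "Z_HR_VIEWER": [{"OAARCHIV": ["A1"], "OAOBJEKTE": ["PREL"],
                     "OADOKUMENT": ["ZHRPUB*"], "ACTVT": ["03"]}],
    "Z_FI_CLERK_WIDE": [{"OAARCHIV": ["A1"], "OAOBJEKTE": ["*"],
                         "OADOKUMENT": ["*"],
                         "ACTVT": ["01", "03", "04", "06"]}],
    "Z_FI_CLERK_TIGHT": [{"OAARCHIV": ["A1"], "OAOBJEKTE": ["BKPF"],
                          "OADOKUMENT": ["*"],
                          "ACTVT": ["01", "03", "04", "06"]}],
}

def matches(pattern, value):
    """Exact value, or generic pattern ending in '*' (ranges not modelled)."""
    if pattern.endswith("*"):
        return value.startswith(pattern[:-1])
    return pattern == value

def granting_roles(user_roles, archive, obj_type, doc_type, actvt):
    """Roles holding ONE authorization in which all four fields match.

    Fields are ANDed inside an authorization; authorizations and roles
    are ORed, so a single broad role is enough to pass the check.
    """
    wanted = dict(zip(FIELDS, (archive, obj_type, doc_type, actvt)))
    hits = []
    for role in user_roles:
        for auth in ROLES.get(role, []):
            if all(any(matches(p, wanted[f]) for p in auth.get(f, []))
                   for f in FIELDS):
                hits.append(role)
                break
    return hits

if __name__ == "__main__":
    # Constructed case: HR viewer who also holds a finance role.
    for roles in (["Z_HR_VIEWER", "Z_FI_CLERK_WIDE"],
                  ["Z_HR_VIEWER", "Z_FI_CLERK_TIGHT"]):
        hits = granting_roles(roles, "A1", "PREL", "ZHRCONF", "06")
        print(roles, "-> delete PREL/ZHRCONF granted by:", hits or "nobody")
```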

Former Member
0 Kudos

Hi,

SMA ra,

Please find below the main functionalities I know regarding GOS.

All object services are available in a function list (toolbox) in which the following functions are offered.

  • Entry of personal or general notes for an object

  • Creation of attachments to an object

  • Creation of relationships between an object and documents that are in the optical archive or that are subsequently scanned in and stored.

  • Starts a workflow for an object

  • Display of an overview of all workflows where an object is involved

  • Display of an overview of all business objects that are linked to an object. You can call the linked objects by double-clicking, independent of whether the objects are from the current system or another SAP System.

  • Sending of an object as an attachment of a message

  • Subscription of an object. The user is then notified of changes to the subscribed object.

  • Adding an object to the favorites list.

The list of the favorite objects and a list with the objects that were last edited by a user are not part of the toolbox. You can call the lists not only when editing a Business Object, but everywhere in the SAP System. By double-clicking you can go directly to one of the objects listed.

http://help.sap.com/saphelp_nw04/helpdata/en/be/3fe63659241157e10000009b38f889/frameset.htm

I think you should check your approach. GOS is open for all; anybody can display. So you have to use the above-mentioned authorization object to control what the end user can display.