Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to control spool access ?

Go to solution
Former Member

‎11-20-2009 6:35 AM

0 Kudos

Dear all,

sp01 - allows us to see all print spool

sp02 - only allows us to see own print spool

Is there any tcode that can allow only userA to see all print spool generated by TeamB (which has few users) ?

Reason being now we have a support team (TeamB) who will help to run transaction and generate the print spool, then they will pass the spool number to the business unit user (userA) to perform the printing and file the hardcopy.

How can this be facilitated ?

Comment and advice will be appreciated.

Thanks.

Regards,

Kent

1 ACCEPTED SOLUTION

Go to solution
Former Member

‎11-20-2009 11:10 AM

0 Kudos

Hi there,

From memory, the free text field for S_SPO_ACT is populated at creation of the spool request, so you may need a process to ensure that team B populate this user field (probably with a default "team B" ID)when they create the requests, I vaguely remember doing something with this years ago.

If the request is generated automatically, then you'll need to ensure the program populates the field with the defined user.

Good luck,

Tom

10 REPLIES 10

Go to solution
Former Member

‎11-20-2009 6:59 AM

0 Kudos

Hi Kent,

Is there any tcode that can allow only userA to see all print spool generated by TeamB

No... its not possible.

Thanks & Regards,

Nagendra.

Go to solution
Former Member
In response to Former Member

‎11-20-2009 7:56 AM

0 Kudos

Dear Nagendra,

How about creating a role with SP01 and control the access by the authorization object ?

Thanks.

Regards,

Kent

Go to solution
Former Member
In response to Former Member

‎11-20-2009 8:11 AM

0 Kudos

Hi Kent,

Check the authorization object S_SPO_ACT.

But, As per my knowledge its not possible.

Thanks & Regards,

Nagendra.

Go to solution
jurjen_heeck
Active Contributor
In response to Former Member

‎11-20-2009 9:38 AM

0 Kudos

> But, As per my knowledge its not possible.

Luckily for Kent I disagree

Have a look at the SAPhelp page on S_SPO_ACT and the field SPOAUTH. This is triggered/fed by the spoolfile's attributes. If you manage to fill those properly you can selectively shield spoolfiles

http://help.sap.com/saphelp_nw70/helpdata/EN/c7/58c905e5bf11d18e2b0000e83dd9fc/frameset.htm

Jurjen

Go to solution
Former Member
In response to Former Member

‎11-20-2009 9:48 AM

0 Kudos

Hi Jurjen,

In my environment(4.7), this field SPOAUTH is not functioning.

When i am pressing F4 to get the list of users to assign in this field, nothing appearing.

So... i am not able to confirm that its possible.

Thanks & Regards,

Nagendra.

Go to solution
jurjen_heeck
Active Contributor
In response to Former Member

‎11-20-2009 10:21 AM

0 Kudos

SPOAUTH is not a user field but a text field. I do not think any input help will be available so F4 doesn't give any usable info, that's true.

It works like this:

On the role side you specify values, with or without wildcards.

On the spoolfile side you can fill the corresponding field, called RQUATH, either programmatically or manually.

Go to solution
Former Member

‎11-20-2009 10:42 AM

0 Kudos

What you could consider doing is giving "the team" a background user of their own to schedule the printing jobs under. The name of this user will then be used in the auth check for the empty field, so they will all only need that one name and you can roll it out with the role.

The alternative would be maintaining all of their respective names, and I don't know how big the team is...

Just a thought.

Cheers,

Julius

Go to solution
Former Member

‎11-20-2009 11:10 AM

0 Kudos

Hi there,

From memory, the free text field for S_SPO_ACT is populated at creation of the spool request, so you may need a process to ensure that team B populate this user field (probably with a default "team B" ID)when they create the requests, I vaguely remember doing something with this years ago.

If the request is generated automatically, then you'll need to ensure the program populates the field with the defined user.

Good luck,

Tom

Go to solution
Former Member
In response to Former Member

‎11-20-2009 12:22 PM

0 Kudos

I guess the bugger is that people will not always remember to maintain such fields, and then the owner of the request's name is used in the check value. For any company larger than a "one office, one fax machine" shop this would not be manageable.

Please take note also that the concept changed with [SAP Note 119147|https://service.sap.com/sap/support/notes/119147] ... There is also an update which includes an enhancement point after the administrator checks. Here one could for example grant the access based on user group, or cost center, or even telephone number range, etc (see section 2.3.5)

Cheers,

Julius

Go to solution
Former Member
In response to Former Member

‎11-23-2009 1:59 PM

0 Kudos

Adding to what everyone else has suggested, i would think the authorization object S_ADMI_FCD is quite helpful to control the spool access.

If you have the value as SPAR for S_ADMI_FCD a user cannot access any other users spool request, if the value is SPOR you can access others spool requests, please check the various combinations available on this object along with the normal print related objects mentioned above