11-20-2009 6:35 AM
Dear all,
sp01 - allows us to see all print spool
sp02 - only allows us to see own print spool
Is there any tcode that can allow only userA to see all print spool generated by TeamB (which has few users) ?
Reason being now we have a support team (TeamB) who will help to run transaction and generate the print spool, then they will pass the spool number to the business unit user (userA) to perform the printing and file the hardcopy.
How can this be facilitated ?
Comment and advice will be appreciated.
Thanks.
Regards,
Kent
11-20-2009 11:10 AM
Hi there,
From memory, the free text field for S_SPO_ACT is populated at creation of the spool request, so you may need a process to ensure that team B populate this user field (probably with a default "team B" ID)when they create the requests, I vaguely remember doing something with this years ago.
If the request is generated automatically, then you'll need to ensure the program populates the field with the defined user.
Good luck,
Tom
11-20-2009 6:59 AM
Hi Kent,
Is there any tcode that can allow only userA to see all print spool generated by TeamB
No... its not possible.
Thanks & Regards,
Nagendra.
11-20-2009 7:56 AM
Dear Nagendra,
How about creating a role with SP01 and control the access by the authorization object ?
Thanks.
Regards,
Kent
11-20-2009 8:11 AM
Hi Kent,
Check the authorization object S_SPO_ACT.
But, As per my knowledge its not possible.
Thanks & Regards,
Nagendra.
11-20-2009 9:38 AM
> But, As per my knowledge its not possible.
Luckily for Kent I disagree
Have a look at the SAPhelp page on S_SPO_ACT and the field SPOAUTH. This is triggered/fed by the spoolfile's attributes. If you manage to fill those properly you can selectively shield spoolfiles
http://help.sap.com/saphelp_nw70/helpdata/EN/c7/58c905e5bf11d18e2b0000e83dd9fc/frameset.htm
Jurjen
11-20-2009 9:48 AM
Hi Jurjen,
In my environment(4.7), this field SPOAUTH is not functioning.
When i am pressing F4 to get the list of users to assign in this field, nothing appearing.
So... i am not able to confirm that its possible.
Thanks & Regards,
Nagendra.
11-20-2009 10:21 AM
SPOAUTH is not a user field but a text field. I do not think any input help will be available so F4 doesn't give any usable info, that's true.
It works like this:
On the role side you specify values, with or without wildcards.
On the spoolfile side you can fill the corresponding field, called RQUATH, either programmatically or manually.
11-20-2009 10:42 AM
What you could consider doing is giving "the team" a background user of their own to schedule the printing jobs under. The name of this user will then be used in the auth check for the empty field, so they will all only need that one name and you can roll it out with the role.
The alternative would be maintaining all of their respective names, and I don't know how big the team is...
Just a thought.
Cheers,
Julius
11-20-2009 11:10 AM
Hi there,
From memory, the free text field for S_SPO_ACT is populated at creation of the spool request, so you may need a process to ensure that team B populate this user field (probably with a default "team B" ID)when they create the requests, I vaguely remember doing something with this years ago.
If the request is generated automatically, then you'll need to ensure the program populates the field with the defined user.
Good luck,
Tom
11-20-2009 12:22 PM
I guess the bugger is that people will not always remember to maintain such fields, and then the owner of the request's name is used in the check value. For any company larger than a "one office, one fax machine" shop this would not be manageable.
Please take note also that the concept changed with [SAP Note 119147|https://service.sap.com/sap/support/notes/119147] ... There is also an update which includes an enhancement point after the administrator checks. Here one could for example grant the access based on user group, or cost center, or even telephone number range, etc (see section 2.3.5)
Cheers,
Julius
11-23-2009 1:59 PM
Adding to what everyone else has suggested, i would think the authorization object S_ADMI_FCD is quite helpful to control the spool access.
If you have the value as SPAR for S_ADMI_FCD a user cannot access any other users spool request, if the value is SPOR you can access others spool requests, please check the various combinations available on this object along with the normal print related objects mentioned above