cancel
Showing results for 
Search instead for 
Did you mean: 

Authorization to display a template.

daniel_humberg
Contributor
0 Kudos

I have a project template for which the template responsible can maintain a list of users that shall be able to read it (tab "Authorizations").

However, this does not seem to be enough for a user to read a template.

If the user does not have any special profile, he/she is not able to read.

If he/she has a profile which includes the authorization object CPRO_DPT with activities 02 or 03, he/she is able to read ALL templates, also the templates for which they are not authorized.

So, CPRO_DPT seems to be too global. Is there any other profile/role that is needed?

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
0 Kudos

Hi Daniel,

I think you need to remove this object as it is a global one.

Did you try to add the "project type" authorization object instead?

You can also make an authorization trace (ST01) in the backend in order to know which object is missing.

Matthias

daniel_humberg
Contributor
0 Kudos

Hi Matthias,

the authorization object for the project type was already in the same profile. It seems to work only for projects, not templates.

Furthermore, I did an auth-trace now.

It seems that only the authorization object CPRO_DPT with ACTVT=03 is checked (in my case with RC12 when not having the right profile).

The check is done in CL_DPR_AUTHORIZATION_SERVICES=>HAS_AUTHORITY_FOR_DPT.

This is strange: why am I maintaining authorizations on template level (inside the template in cPro), if they are not used for any checks? Are they only needed to copy them to projects?

It seems that a user can either see all templates (when having CPRO_DPT), or none.

Regards, Daniel