cancel
Showing results for 
Search instead for 
Did you mean: 

Document level Authorization

Former Member
0 Kudos

Hi Gurus

Can user(Owner) define authorization for the roles/user to change / display particular document. As i know we can control the users by status level, but our client doesn't want to check any values. They just want to restrict the users to change/display the particular document.

The requirement is that, If a document is created by a user then he should be able to define the authorization for other users. Suppose is he gives display access to USER1 the USER1 should only be able to view the document. If he gives change access to USER2 then USER2 can be able to change the document.

Regards

Raja

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
0 Kudos

Hi Raja,

using ACL's you can assign individual authorization to each DIR.

Search for ACL in this forum and you will find a lot.

regards Iring

Former Member
0 Kudos

Thanks Iring...

I have already checked ACL , but there are some problems in ACL

Can you please provide your Suggestions/Solutions for the below issues

We have 2 users => USER1, USER2

USER1 is authorized for create, change & display (not for delete)

USER2 is authorized for display (not for create, change & delete)

Issue-1:

Suppose if USER1 provides "NOAUTH" to USER2 in Authorization Tab then the system should restrict USER2 to access that document. But the system allows USER2 to view the document (CV03N ).

There are no entries defined for the authorization object ACO SUPER .

Issue-2

If there is no entry for USER2 in Authorization Tab then he can't be able to view the document even he is authorized to display the document in CV03N.

Issue-3

If USER2 wants to delete all the entries defined in Authorization Tab then he can't be able to delete the entry for USER2 (same user).

Issue-4:

If a document is created by USER3 then the system should not allow USER2 to specify the authorization in Authorization Tab in CV01N.

Regards

Raja

christoph_hopf
Advisor
Advisor
0 Kudos

Hi Raja,

regarding the mentioned issue I would kindly ask you to check if the SAP note 1302388 could help to improve the behavior in your system.

Best regards,

Christoph

Former Member
0 Kudos

HI Christoph

Thanks for your comments.

Sorry for the delay. I have gone through the above mentioned SAP note (No:1302388), it was mentioned that it is not possible for inherited users to change authorizations for local users despite having ACO_SUPER authorization, Can u please clarify, in the above scenario, whom you meant the inherited user and local users.

Regards

Raja

Answers (1)

Answers (1)

Makal
Active Contributor
0 Kudos

I do not think, this is possible in standard SAP.