Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

S-WFAR_OBJ

Go to solution
Former Member

‎08-26-2011 2:41 PM

0 Kudos

Hi Experts, i was wandering if someone could ease some concerns i have. I am looking at implementing an authority check in an abap programme. That does a check on a value in the Auth Obj S_WFAR_OBJ. the soloution i am trying to put in place is all based around SAP Archiving and the logical archive defined in the system. The auth check with basically look in here and if thwe users role contains a value of HR will only show docs archived from the HR logical archive.

We seem to have this auth object in a number of our roles, but with a star value proposed. Is this object used for anything other than SAP archving?? As from what i have read it is not used for anything else other than this purpose and su24 seems to tell me its not either. If i get some kind of re-assurance that it is not i can cut my testing window down by half, as for some un known reason we seem to have this object in all of our finance type roles.

Thank you in adcance

DC

1 ACCEPTED SOLUTION

Go to solution
Former Member

‎08-26-2011 2:55 PM

0 Kudos

Unfortunately for you your hope of a easy solution is small.

S_WFAR_OBJ is also used for document storage in archive repositories. The most notable of these is in the Global Object Services attachment lists, which are called from many transactions (e.g. FB03 to display an accounting record which is in turn called from hundreds of list reports.

Are you also using the GOS services in your own ABAP? Why did you want to check S_WFAR_OBJ? (is it checked later by some standard function anyway?)

The correct thing to do would be to take up the lead in creative an archive repository concept for your company and correct all the roles to the proper values they should have.

Being a Friday afternoon, you could also alternately create a special Z_HR_ARCH authorization object and check that one in your program, but you should first verify whether the S_WFAR_OBJ will be needed anyway. If so, then the other roles will access your HR repository anyway.

This is one of the restraints responsibilities to having HR in the same system as your FI / CO / MM etc etc. You must ensure a more granular authorization concept.

Cheers,

Julius

3 REPLIES 3

Go to solution
Former Member

‎08-26-2011 2:55 PM

0 Kudos

Unfortunately for you your hope of a easy solution is small.

S_WFAR_OBJ is also used for document storage in archive repositories. The most notable of these is in the Global Object Services attachment lists, which are called from many transactions (e.g. FB03 to display an accounting record which is in turn called from hundreds of list reports.

Are you also using the GOS services in your own ABAP? Why did you want to check S_WFAR_OBJ? (is it checked later by some standard function anyway?)

The correct thing to do would be to take up the lead in creative an archive repository concept for your company and correct all the roles to the proper values they should have.

Being a Friday afternoon, you could also alternately create a special Z_HR_ARCH authorization object and check that one in your program, but you should first verify whether the S_WFAR_OBJ will be needed anyway. If so, then the other roles will access your HR repository anyway.

This is one of the restraints responsibilities to having HR in the same system as your FI / CO / MM etc etc. You must ensure a more granular authorization concept.

Cheers,

Julius

Go to solution
Former Member
In response to Former Member

‎08-26-2011 3:06 PM

0 Kudos

Hi thanks for this,

perhaps i coudl explain what i am doing a little better. We are using IXOS as our scan client and have the barcode soloution set up for HR attachemtns and Finance attachemtns.

When users enter the barcode against a record either HR or Fi. It goes into the BDS_BAR_IN table awaiting a document to be scanned with the same barcode on it.

This goes into the table bds_bar_ex viewed by the trx SBDS3. What we are finidng is people not doing this process properly and documents are left in this table are completley visable to anyone who has this trx access.

Our HR dept have kicked up a stink that a finance person can see say a formal procedure doc that has been left in the q.

I have tried to argue the case that if they checked after every scan then there would be no problem. But they are determined they want something put in place.

So i have come up with a soloution of creating. Differnt logical archives for HR,Fiance and a few other depts. Then create a z programme of SBDS3 and adding an input filed asking which dept they are. So a HR person would scan into the system using the HR Logical archive and the finance person would scan in using the FI logical archive(names are irrelavnt but just to make explanation easier)

When they come to do there checks they would enter in the input field either HR or FI, this would then do an auth check on s_wfar_obj to see what value there role has in and if they are allowed to see HR or Fi docs.

I can see no other purpose for this other than archiving docs be it HR or FI, and just needed a bit more clarification on where it is used.

Go to solution
Former Member
In response to Former Member

‎08-26-2011 3:24 PM

0 Kudos

In that case S_WFAR_OBJ (see field OAARCHIV) is exactly the correct semantic you are looking for and would have been able to reuse it had the authorizations been correct, so I would fix the role values and add the check to your own code as well --> maximum reusability.

Easier to maintain would be adding the check to an enhancement ponit in the standard transaction in stead or re-inventing it and having to maintain that.

Cheers,

Julius