on 01-12-2012 5:13 AM
DEAR ALL,
I am having trouble configuring change request management's status related authorization.
I want to achieve either of the following.
1) Restrict the access to a document if it has a certain status.
For example, the document SDHF has status XXX, and only certain users can access to it in change mode, others users only should be allowed to access it in display mode.
(this cannot be achieved using authorization key and B_USERSTAT, right?)
2) Restrict the access to a action depended on the user's BP.
For example, the action "Logon to System" can only be performed by user that has certain BP.
if its about BAdI CRM_ORDER_AUTH_CHECK, please give me a little bit more info on how to configure, too.
Thank you very much in advance!!!!
Maepana
Thank you both for the reply!!
However, I guess I have put the wording a wrong way.
Display/change I meant for the document itself, open it with display mode or change mode.
("display <--> change" icon's function)
B_USERSTAT only control the authorization to change to certain status.
I'd like to cotrol,
User A can only display status X's document, but can change/display the content of the document in status Y.
Is this control possible?
I know it can be controled for transaction types, like
User B can only display urgent correction, but can change/display the content of the normal correction. etc.
Appologies for my wording again...
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi
1) Restrict the access to a document if it has a certain status.
For example, the document SDHF has status XXX, and only certain users can access to it in change mode, others users only should be allowed to access it in display mode.
(this cannot be achieved using authorization key and B_USERSTAT, right?)
Yes you are correct with authorization keys you can restrict the users and also control the change and display access with B_USERSTAT
more info can be read in security guide of solman on installation & guides section on SMP
> 2) Restrict the access to a action depended on the user's BP.
> For example, the action "Logon to System" can only be performed by user that has certain BP.
>
> if its about BAdI CRM_ORDER_AUTH_CHECK, please give me a little bit more info on how to configure, too.
i dont think you need to worry about this one because logon to system is performed by user who has the id on satellite system if they already dont have id they can't logon to system so no need to worry.
moreover there is no authorization object for actions so cant control in that way.
hope it clarifies
regards
prakhar
Edited by: Prakhar Saxena on Jan 12, 2012 5:11 PM
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi, thank you very much for your answer. and please bear with me to ask follow-up question.
1) Restrict the access to a document if it has a certain status.
For example, the document SDHF has status XXX, and only certain users can access to it in change mode, others users only should be allowed to access it in display mode.
(this cannot be achieved using authorization key and B_USERSTAT, right?)
>Yes you are correct with authorization keys you can restrict the users and also control the change and display access with B_USERSTAT
>more info can be read in security guide of solman on installation & guides section on SMP
Im very sorry I might missed something in B_USERSTAT, but in PFCG,
I can only see ACTVT(Activity) value 01 create and 06 delete for B_USERSTAT, and no display and change values??
does it need extra custominzing or..
Im using solman 7.0, not 7.1, is it the reason?
For 2), got it, thanks very much again!
Hi
Let me give u example
say status is IN PROCESS and auth code is XX & status is NEW ...auth code as YY
if user has this authorization key XX or code in b_userstat then they can set the status to in process
but if not
they can still change the support message for the ones they have authorization code say YY but can't change the status.
this is what you want right ?
regards
prakhar
Hi,
you must edit the Auth Key field of the B_USERSTAT auth object
It doesnt matter whether you are using 7.1 and 7.0, It worked on the same way,
Please follow the step by step screen shot for te usecase.
http://wiki.sdn.sap.com/wiki/display/SMAUTH/UC00030
Thanks
Jansi
User | Count |
---|---|
84 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.