cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Charm - authorization to access certain status

Former Member

on ‎01-12-2012 5:13 AM

0 Kudos

DEAR ALL,

I am having trouble configuring change request management's status related authorization.

I want to achieve either of the following.

1) Restrict the access to a document if it has a certain status.

For example, the document SDHF has status XXX, and only certain users can access to it in change mode, others users only should be allowed to access it in display mode.

(this cannot be achieved using authorization key and B_USERSTAT, right?)

2) Restrict the access to a action depended on the user's BP.

For example, the action "Logon to System" can only be performed by user that has certain BP.

if its about BAdI CRM_ORDER_AUTH_CHECK, please give me a little bit more info on how to configure, too.

Thank you very much in advance!!!!

Maepana

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
‎01-13-2012 12:41 PM
0 Kudos

Thank you both for the reply!!

However, I guess I have put the wording a wrong way.

Display/change I meant for the document itself, open it with display mode or change mode.

("display <--> change" icon's function)

B_USERSTAT only control the authorization to change to certain status.

I'd like to cotrol,

User A can only display status X's document, but can change/display the content of the document in status Y.

Is this control possible?

I know it can be controled for transaction types, like

User B can only display urgent correction, but can change/display the content of the normal correction. etc.

Appologies for my wording again...

Show replies
Show replies
prakhar_saxena
Active Contributor
‎01-12-2012 11:40 AM
0 Kudos

Hi

1) Restrict the access to a document if it has a certain status.

For example, the document SDHF has status XXX, and only certain users can access to it in change mode, others users only should be allowed to access it in display mode.

(this cannot be achieved using authorization key and B_USERSTAT, right?)

Yes you are correct with authorization keys you can restrict the users and also control the change and display access with B_USERSTAT

more info can be read in security guide of solman on installation & guides section on SMP

> 2) Restrict the access to a action depended on the user's BP.

> For example, the action "Logon to System" can only be performed by user that has certain BP.

>

> if its about BAdI CRM_ORDER_AUTH_CHECK, please give me a little bit more info on how to configure, too.

i dont think you need to worry about this one because logon to system is performed by user who has the id on satellite system if they already dont have id they can't logon to system so no need to worry.

moreover there is no authorization object for actions so cant control in that way.

hope it clarifies

regards

prakhar

Edited by: Prakhar Saxena on Jan 12, 2012 5:11 PM

Show replies
Show replies
Former Member
‎01-12-2012 12:15 PM
0 Kudos

Hi, thank you very much for your answer. and please bear with me to ask follow-up question.

1) Restrict the access to a document if it has a certain status.

For example, the document SDHF has status XXX, and only certain users can access to it in change mode, others users only should be allowed to access it in display mode.

(this cannot be achieved using authorization key and B_USERSTAT, right?)

>Yes you are correct with authorization keys you can restrict the users and also control the change and display access with B_USERSTAT

>more info can be read in security guide of solman on installation & guides section on SMP

Im very sorry I might missed something in B_USERSTAT, but in PFCG,

I can only see ACTVT(Activity) value 01 create and 06 delete for B_USERSTAT, and no display and change values??

does it need extra custominzing or..

Im using solman 7.0, not 7.1, is it the reason?

For 2), got it, thanks very much again!

prakhar_saxena
Active Contributor
‎01-13-2012 9:03 AM
0 Kudos

Hi

Let me give u example

say status is IN PROCESS and auth code is XX & status is NEW ...auth code as YY

if user has this authorization key XX or code in b_userstat then they can set the status to in process

but if not

they can still change the support message for the ones they have authorization code say YY but can't change the status.

this is what you want right ?

regards

prakhar

Former Member
‎01-13-2012 9:30 AM
0 Kudos

Hi,

you must edit the Auth Key field of the B_USERSTAT auth object

It doesnt matter whether you are using 7.1 and 7.0, It worked on the same way,

Please follow the step by step screen shot for te usecase.

http://wiki.sdn.sap.com/wiki/display/SMAUTH/UC00030

Thanks

Jansi

Ask a Question