on 10-07-2015 10:54 AM
Hi Experts
Need your help urgently.
We want to restrict the display of documents in SAP DMS.
i.e Document created by the User A who works on project 123 should not be seen by the User B who works on project 456.
I heard it can be achieved using "Authorization group field" in DIR.
So i have followed the below procedure.
1. Created X ROLE and assigned to User A.
2. In that 123 given as BEGRU value in AUTHORIZATION Object C_DRAW_BGR.
3. Created Y ROLE and assigned to User Person B.
4. In that 456 give as BEGRU value in AUTHORIZATION Object C_DRAW_BGR.
So User A created a DIR with giving 123 in Authorization group field.
But still User B is able to see the the document created by User A.
I am not getting how resolve this issue.
Could you please help me on this.
I would appreciate your support and reward immediately your work.
Its very urgent.
You can give me your email id, so that i can send an email if my question is not clear.
Regards
KB
Hey Balaji.
I believe Auth Grp wont work with Random inputs.
You need to decide security Model for whole of your DMS
e.g. two Groups 123 and 456
and use it as additional authorization over type and status in your PFCG role.
Mind this once you decide the auth groups you need create additional roles and assign them to users.
this should be one time type of exercise.
Hope this is ok
Niketan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Balaji,
I think this should work
Go to Transaction
S_BCE_68001396
give authorization object C_DRAW_BGR
Double click on User B
Highlight Own Profile and click Selectively Expand Subtree & Execute
This should look like below
from this you should clearly get what user B is allowed and what user A is allowed and make right changes.
Hope this helps
Regards
Thank you Nayeem and Niketan.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
As per the authorization group and auth object maintained is correct, There may be chances that some roles for auth object C_DRAW_BGR will have "*" . test the role individually or check the SUIM t code by giving the auth object.
Revert with the impact.
Rgds,
Nayeem.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
100 | |
12 | |
11 | |
6 | |
6 | |
4 | |
3 | |
3 | |
3 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.