05-24-2007 7:53 AM
hello, I am administrator of sap in my company, have several clients and I do not want that the users of a client can see requests spool in SP01 of other clients.
thanks
05-24-2007 8:18 AM
Hi,
Look at the Object S_SPO_ACT:
Definition
Authorization to perform actions on spool requests protected with authorization character strings.
Use in the system: Only checked if the explicit or implicit value in the authorization attribute field of a spool request is not the same as the user ID of the user accessing it.
The authorization is not checked if users access their own unprotected spool requests.
Examples: Authorization is checked when users attempt to access the spool request of another user. Authorization is not checked if users attempt to delete their own spool request, and the authorization field in the spool request is either initial or contains the user's ID.
The authorization is, therefore, mainly of interest for users who administer spool requests in the output controller. These users must access the spool requests of other users. This requires a S_SPO_ACT (spool: actions) authorization, in addition to the spool administration authorization (S_ADMI_FCD, system functions).
Defined Fields
This object consists of the following fields:
Authorization field for spool actions: Operations permitted on protected spool requests.
Possible values:
BASE: Check protected spool request in the output controller (determine whether the spool request exists); display request attributes
DISP: Display contents of a protected spool request
ATTR: Change attributes of protected spool request
AUTH: Change authorization value of a protected spool request
PRNT: Output protected request for the first time
REPR: Output protected spool request more than once
REDI: Redirect to another printer (of the same type). The printer should be the same device type.
If used with ATTR, redirection to a different type of printer is permitted.
DELE: Manually delete request
USER: Change the owner
SEND: Send a request using SAPoffice
DOWN: Download a request
Value for the authorization check: Authorization value,for which the user is authorized. The authorization value is set in the attributes of the spool request.
A user is permitted to perform a spool action if the value stored for this action in the user master matches the value in the authorization field in the spool request. If no value is specified in the authorization field of the spool request, all actions are permitted.
An authorization key can be entered at the time a spool request is created, for example when a user selects Print. If no value is specified, the spool system automatically uses the ID of the user creating the request as an implicit authorization value.
A user is always authorized for his or her own user ID and no authorization check takes place in this case. This means that a user can access his or her own spool requests without restriction unless an authorization key is entered that does not match the user ID.
Users with the authorization value __USER__ can access all unprotected requests for all users in the client according to the authorized action. This authorization value is pre-defined and has the special meaning described. It can no longer be used for other purposes.
Examples
With this authorization, a user can reprint all requests with an authorization value beginning with FI.
Field Value
Authorization field for REPR
spool actions
Value for FI*
authorization check
Hope it helps.
Please award points if it is useful.
Thanks & Regards,
Santosh
05-24-2007 10:23 AM
Hi,
The spool requests access is controlled based on client through S_ADMI_FCD and is controlled by User Name ie the users whose spool is to be given access to or not. For this the Tcode required is SP01 and the controlling objects are
For Client Based Restriction:
S_ADMI_FCD SPAR and SPOR (for current client)
Control at user level and activities:
S_SPO_ACT
But if you want to restrict access to a persons own spool then give tcode SP02 with S_ADMI_FCD with SP0R that should do and no need to give the other auth objects.
Hope this helps
Manohar
Message was edited by:
Manohar Kappala
05-24-2007 12:09 PM
thank to NAVABOTHU SANTOSH KUMAR and Manohar Kappala, that is my solution. I write SPAR in the object S_ADMI_FCD.