
Authorizations for Office Documents

Former Member
0 Kudos

Hi all,

Is it possible to control access to the office documents that can be created/deleted/modified and that are used in the "Attachment List" (for instance, in an FI document viewed in transaction FB03)?

Is it possible to control what actions can be executed by a user? (for instance, not giving delete access)

I've searched for possible authorization objects and found two that are used in standard authorization checks, but the second object only checks whether the current user is an Administrator (who can perform any operation) or the attachment owner:

S_OC_DOC

S_OC_ROLE

Any help appreciated.

Thanks in advance!

Nuno

2 REPLIES 2

Former Member
0 Kudos

Hi,

Please check whether you are using the S_WFAR_OBJ object; just take out activity 06 (delete) from the user's authorization profile/role.

0 Kudos

Thanks for the reply BN,

I've managed to debug the code, and found that in method 'EXECUTE' of class 'CL_MSG_AL_ITEM', the authority check uses 'S_OC_ROLE' and checks whether the user has Administrator privileges.

###########################################

WHEN cl_gos_attachments=>gc_cmd_delete.
  AUTHORITY-CHECK OBJECT 'S_OC_ROLE'
    ID 'OFFADMI'
    FIELD 'ADMINISTRATOR'.
  IF sy-subrc = 0 OR sy-uname = gp_owner.
    CALL METHOD lo_docsrv->delete_url
      EXPORTING
        is_lporb = gs_lporb
        ip_url   = lp_objkey.
    rp_commit = 'X'.
.........

###########################################

... and if the user has administrator access, they can do any activity on the attached document. Is this correct?

Thanks!
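
An added audit example, not part of the original posts and not SAP standard code: it runs the same S_OC_ROLE check as the delete branch quoted above, but for every user in the client, to show who passes the administrator test. The report name `z_list_gos_attachment_admins` is hypothetical; the object, field and value are the ones shown in the thread.

```abap
REPORT z_list_gos_attachment_admins.
" Added example (hypothetical report name), not SAP standard code.
" Lists the users who pass the S_OC_ROLE check used by the quoted
" delete branch, i.e. who can delete an attachment they do not own.

DATA: lt_users TYPE STANDARD TABLE OF xubname,
      lv_user  TYPE xubname.

" All user master records of the current client.
SELECT bname FROM usr02 INTO TABLE lt_users.

LOOP AT lt_users INTO lv_user.
  " Same object, field and value as the quoted branch, evaluated
  " for lv_user instead of the logged-on user.
  AUTHORITY-CHECK OBJECT 'S_OC_ROLE'
    FOR USER lv_user
    ID 'OFFADMI' FIELD 'ADMINISTRATOR'.
  IF sy-subrc = 0.
    WRITE: / lv_user, 'passes the S_OC_ROLE administrator check'.
  ENDIF.
ENDLOOP.
```

The owner condition in the quoted branch (`sy-uname = gp_owner`) does not depend on any authorization object, so this list covers only the administrator path.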