
Authorization

Former Member
0 Kudos

Gradually I am coming to more serious things inside DMS :-)

I have to limit the doc info records such that (for example) Finance can't see Marketing docs, and vice versa.

This is standard SAP procedure (as a matter of fact, standard procedure in any enterprise software), but new for me in SAP.

I searched the forum and read stuff like

+++++++++++snip+++++++++++

if I understand your requirement correctly you are looking for status dependent document authorizations. In SAP standard you can make this via PFCG roles: So you can create a new role with 'status dependent authorizations for documents' and maintain document type, document status and activity. Afterwards you can assign this role to the specific users. You can find more details on PFCG roles here.

In addition you can find more details on the different document authorization objects in the SAP Help portal

Authorization Object C_DRAW_TCD (Activities for Documents)

The following table shows authorization object C_DRAW_TCD. This object controls which users can process which document info records, based on a combination of activity and document type.

Authorization Object C_DRAW_TCS (Status Dependent Authorization)

The following table shows authorization object C_DRAW_TCS. This object controls which users can process which document info records, based on a combination of activity, document type, and status.

Authorization Object C_DRAW_STA (Document Status)

The following table shows authorization object C_DRAW_STA. This object controls which status(es) can be set for which document type.

Authorization Object C_DRAW_BGR (Authorization Group)

The following table shows authorization object C_DRAW_BGR. This authorization object allows you to limit access to individual documents.

Authorization Object C_DRAW_DOK (Document Access)

The following table shows authorization object C_DRAW_DOK. This authorization object controls which original data of a specific document type there are access authorizations for.

Authorization Object C_DRAD_OBJ (Object Link)

The following table shows authorization object C_DRAD_OBJ. This object controls which users can process which document info records, based on a combination of activity, object, and status.

+++++++++++end snip+++++++

Thus my question arises from basics.

What do I have to do? Where do I have to 'switch on/off' these parameters, or do exactly what with these parameters, and where?

Is this a BASIS job?

I have also gone through standard SAP links, but I am just not getting it, where do I start from.

Can someone just show a basic example, with any one of the above parameters, of how to do something with authorization? After the example, I think I can pick up the rest myself.

Thanks again (Pl. do not send SAP links, just a step-by-step example, & hopefully no BADI/BAPI issues, because that will open up a completely new issue dimension for me, so as long as I can just stick to the standard ECC 6 customization part. It doesn't have to be really fine-tuned, just what standard SAP provides will suffice)

*I see an 'authorization group' field in 'basic data' in the doc info rec., but as I understood from somewhere on this forum, it's just an on/off field. Then what's the relevance of this field? I have gone through the course material & the course material does not stress anything substantial on this (otherwise so crucial) field.

Accepted Solutions (0)

Answers (3)


Former Member
0 Kudos

Only 1 thing remains.

The 'authorization group', that's an arbitrary value (in the document), but it does come up in the authorizations.

I have number 9 defined in the 'authorization group' in the document, but I don't think it will do anything just sitting there. Do I need to define this 9 in customization? If yes, where exactly?

Thanks

Former Member
0 Kudos

Hi

Authorisation group is only for document type authorisation.

In the same document type, you can restrict the user for display, change etc. by maintaining the authorisation group.

Regards,

nitin

award point if useful

Former Member
0 Kudos

Hi,

You need not define this authorization group in customization.

If you enter auth group "9" in roles, the system will check while creating the DIR: if you create with auth group '9' in basic data, the system will allow you to create the DIR, otherwise it will restrict you.

If you are in change or display mode, then the system will check the auth group assigned to your role; if the auth group in your role and the DIR match, then the system will allow you to display/change the document.

Award points if useful

regards

sham

Former Member
0 Kudos

Hi,

In pfcg create different roles for each dept, and give them different authorization groups.

For ex:

If they are using different document types, then you can distinguish with respect to document types; otherwise you can control through lab office (define your depts here) and authorization group wise.

Award points if useful

regards

sham

Former Member
0 Kudos

Hi,

Go to transaction pfcg, make a role (give some name, make it a single role),

then click on authorisation, then click on change authorisation data, do not select, click on manually, put your DMS authorisation object. Once you put this, then you can do the document-based authorisation like display, change and all.

Thanks

regards,

nitin

award point if useful

Former Member
0 Kudos

Hi

Thanks for the replies.

& just for the record, in case someone else stumbles over basic authorization issues in SAP:

1) pfcg > create role > go to menu tab > feed the required t-code in > go to authorization tab {all relevant objects are already linked there} > go through all of them > save --> generate button

2) From su01 > create new user > put the role name from step 1 in the 'roles' section. Save.

3) Check pfcg (sanity check): the user with the role assigned in su01 (step 2) should be in the 'user' tab here.

4) Test your user.
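
The check the replies describe (role values for activity, document type and authorization group compared against the DIR), modelled in Python as an added example; it is not SAP code and not part of the original thread. The role names, document types (ZFI, ZMK, ZSH) and authorization groups (FIN1, MKT1) are constructed, and the rule that both objects must pass is a simplified assumption.

```python
# Simplified model of the DMS authority check (added example, not SAP code).
# ACTVT 01/02/03 = create/change/display. Role names, document types and
# authorization groups are constructed sample values.

def field_ok(allowed, value):
    """A role field matches if it lists the value or the '*' wildcard."""
    return "*" in allowed or value in allowed

def authority_check(role, obj, **fields):
    """Pass if ONE authorization of the object matches ALL checked fields."""
    return any(
        all(field_ok(auth.get(name, ()), val) for name, val in fields.items())
        for auth in role.get(obj, [])
    )

def can_access(role, dir_record, actvt):
    """Assumed rule: C_DRAW_TCD and C_DRAW_BGR must both pass for the DIR."""
    return (
        authority_check(role, "C_DRAW_TCD", ACTVT=actvt, DOKAR=dir_record["DOKAR"])
        and authority_check(role, "C_DRAW_BGR", BEGRU=dir_record["BEGRU"])
    )

def make_role(actvts, doc_types, groups):
    """Build one authorization per object, as a PFCG role would hold them."""
    return {
        "C_DRAW_TCD": [{"ACTVT": set(actvts), "DOKAR": set(doc_types)}],
        "C_DRAW_BGR": [{"BEGRU": set(groups)}],
    }

ROLES = {
    "Z_DMS_FINANCE": make_role(["01", "02", "03"], ["ZFI", "ZSH"], ["FIN1"]),
    "Z_DMS_MARKETING": make_role(["01", "02", "03"], ["ZMK", "ZSH"], ["MKT1"]),
    "Z_DMS_AUDIT": make_role(["03"], ["*"], ["*"]),  # display only, everything
}

DIRS = {  # constructed document info records
    "fin_report": {"DOKAR": "ZFI", "BEGRU": "FIN1"},
    "mkt_brochure": {"DOKAR": "ZMK", "BEGRU": "MKT1"},
    "shared_fin": {"DOKAR": "ZSH", "BEGRU": "FIN1"},  # shared type, Finance group
}

def access_matrix(actvt):
    """Return {(role, dir): bool} for one activity across all roles and DIRs."""
    return {(r, d): can_access(ROLES[r], DIRS[d], actvt)
            for r in ROLES for d in DIRS}

if __name__ == "__main__":
    for key, ok in sorted(access_matrix("03").items()):
        print(key, "allowed" if ok else "denied")
```

The `shared_fin` record shows the case raised in the replies where departments share a document type: Marketing holds the document type but not the group, so the group value alone keeps the record out of reach.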