DMS - locked status / how to limit security access
I have a couple issues with a security profile (customer service) we have defined for DMS. This profile is set up that when the document info record is in a "released" status, the customer service person has edit (CV02N) access. When in an "on hold" status, the customer service person does not have edit (CV02N) access. Further, the "Released" status is a "locked" status.
1) The Object links appears to be open for edit, regardless of whether or not we have the status "locked".
Also, the deletion indicator can be changed when in locked status. I am looking for all fields to be locked except for the status field. Customer Service should only be able to change status from "released" to "on hold", and should not be able to change anything else. Any suggestions on how to do this?.
2) The intention is that the customer service person can use CV02N to change a document from "released" status to "on hold". This is the ONLY change customer service should be able to make. However, once the status changes from "released" to "on hold", it seems there is an authorization check missing..... meaning now the customer service person is in "on hold" status and they should not be able to edit anything, but apparently they still have the CV02N access from the "released" status, and they can now also change any other fields, update object links and attachments before they save the document. What am I missing?
Any help would be greatly appreciated!!
Hi,
U can use following authorization objects to resrticts the document access
1.C_DRAD_OBJ - Create/Change/Display/Delete Objec
here in activity field dont check delete, change option, so that user can not change, delete existing object links
2. C_DRAW_TCD - Authorization for document activit
here in activity field dont check delete option, so that user can not mark DIR for deletion.
award points if useful
Regards
sham
Similar Messages
-
How to limit the access of a transaction
please provide hw to create an authorization object... like hw to limit the access of a particular userdefined trasaction to a particular user
hi
good
Element of the authorization concept.
Authorization objects allow you to define complex authorizations.
An authorization object groups together up to 10 authorization fields in an AND relationship in order to check whether a user is allowed to perform a certain action.
To pass an authorization test for an object, the user must satisfy the authorization check for each field in the object.
http://help.sap.com/saphelp_nw04s/helpdata/en/52/671285439b11d1896f0000e8322d00/content.htm
Basic form->
AUTHORITY-CHECK OBJECT object
ID name1 FIELD f1
ID name2 FIELD f2
ID name10 FIELD f10.
Example
Check whether the user is authorized for a particular plant. In this case, the following authorization object applies:
Table OBJ : Definition of authorization object
M_EINF_WRK
ACTVT
WERKS
Here, M_EINF_WRK is the object name, whilst ACTVT and WERKS are authorization fields. For example, a user with the authorizations
M_EINF_WRK_BERECH1
ACTVT 01-03
WERKS 0001-0003 .
can display and change plants within the Purchasing and Materials Management areas.
Such a user would thus pass the checks
AUTHORITY-CHECK OBJECT 'M_EINF_WRK'
ID 'WERKS' FIELD '0002'
ID 'ACTVT' FIELD '02'.
AUTHORITY-CHECK OBJECT 'M_EINF_WRK'
ID 'WERKS' DUMMY
ID 'ACTVT' FIELD '01':
but would fail the check
AUTHORITY-CHECK OBJECT 'M_EINF_WRK'
ID 'WERKS' FIELD '0005'
ID 'ACTVT' FIELD '04'.
To suppress unnecessary authorization checks or to carry out checks before the user has entered all the values, use DUMMY - as in this example. You can confirm the authorization later with another AUTHORITY-CHECK .
thanks
mrutyun -
How to limit ftp access to single directory with lion
I am setting up an sftp server on a Lion system and I would like to know how I can limit a logged on user to a single directory. I am using the ftp daemon that comes with Lion. I start my ftp server using the following command:
sudo launchctl load -w /System/Library/LaunchDaemons/ftp.plist
I am using FileZilla for a client that will be run on a mac running Lion or Leopard.
I have seen threads on this but they are from 2009 and don't help with Lion.
thanks for the help
johnHi, Did you find any info?
I am also looking for similar solution.
I am not using FileZilla, but just want to know how to setup a particular user on to access only a certain folder on MAC when logged in via FTP. They can log in by command line or any FTP utility from another PC or MAC or other Unix OS.
Please let me know, if you find something. I will share some info. -
How to limit internet access in dpc3925
Hi all,
I have dpc3925 router and I want to restrict the time of internet access to a certain laptop.. I know it can be done... Plese help me how to do it... Appriciate thevhelp in advance....That is how the gateway is designed. As for the other software that you can use for restricting the laptop, you can try searching the net but I doubt it will work since the laptop is connected to the gateway’s network and it’s only thru the gateway that you can restrict that laptop at certain times to connect to the internet.
-
How to limit file access for different users in 10.7.4 Server
We had everything working perfectly with an earlier version of Lion Server. The update to 10.7.3, or 4, seems to have opened access to all files for all users. Much to our surprise, this wide-open access started without warning.
- We have an external drive that contains all of the company's archives
- We had set access for one employee to get to the files he needs, and different access for another employee. Neither saw sharepoints outside of their access settings.
After an update, each employee can see and log in to all sharepoints. There doesn't seem to be a way to limit access for each employee now. I can set 'read' access for one employee, but it doesn't stop the other employee from accessing that sharepoint/folder.
Is there some new way to go about this? Or is something simply broken with the current release?That is good to know. If the file share is seeing the drive and ignoring its permissions, that is why everyone can see everything. I have found, in Lion Server, that it is best to get the permissions set before turning on File Sharing. I don't know if you have the luxury of turning the file share off for a little while, but I would unshare the drive and see if the issue persists if you plug the external drive into another machine. The settings for permissions are set on the file or folder itself, so the issue should follow you to the other machine.
Again, if you can, I would unshare the drive and reshare it with the permissions that you want and turn file sharing back on. However, if you can get the drive to respect permissions rather than ignoring them, I think it will save you a lot of work. -
How to Limit Learner Access by Person Type
My goal is to have a course or class for which only employees can self-enroll (contingent workers may not enroll). I am using the 11.5.10.2 EBS applications, where Learner Access can be controlled by individual learner or by position or job within an organization hierarchy. The OTA_EVENT_ASSOCIATIONS table corresponds to this structure, with columns for Job ID, Position ID, and Organization ID. Has anyone come up with a solution for defining learner access more flexibly? I found one Oracle Support note, 731227.1, where database triggers control administrative functionality within OLM, and I was wondering if triggers might also be useful for controlling who can enroll in a course (if person type is contractor, display a message, etc). I would be very interested to learn about creative solutions from the community. Thank you.
Unfortunately, I haven't heard of a good custom solution for 11.5.10, but I know of one creative extension using Learner Groups coupled with eligibility profiles in R12 that I thought was good. I can provide you with contact info for the developer that built it at a company that I used to work for if you're interested.
-
Parental control - how to limit internet time
Anyone got any advice on how to limit internet access time to a shorter time than the full amount of computer time set in Parental Controls. My 14 year old wastes most of her computer time surfing stuff of little value. I am happy for her to still have daily computer time but don't want it all used up on the net. I want to encourage her to use some of the more creative potential of the Mac i.e Garageband, iMovie - she used to - she is very creative but gets sucked into other stuff very easily.
Are there any add-ons that I should consider?
Any advice gratefully received.If you use a Time Machine connected to your router, you can limit the time on that and when it can kick certain devices of the internet between certain times.
I would happy to go through the set up of this with you if you would like.
Other than that there maybe some add-ons / free software however if she's clever enough she could disable them.
I hope this helps -
My mum can't access her account. It says its locked and asked for her security questions, but she can't remember what they are. How do we access her account?
Hi sarahmcmast3r,
If you are having issues accessing an account and can't remember the security question answers, you may find the following article helpful:
Apple ID: All about Apple ID security questions
http://support.apple.com/kb/HT5665
Regards,
- Brenden -
How to configure security policies like account locking, account expiry in portal application?
Hi All,
Can anybody pls tell me how to configure security policies like account locking,
account expiry in portal application? By default, it has a 30 minutes lock period
after 5 retries. But if I want to set other values or want to unlock account of
a user, then what to do ?
TIA,
SudarsonI have read the SSO admin guide, and performed the steps for enabling SSL on the SSO, and followed the steps to configure mod_osso with virtual host on port 4443 as mentioned in the admin guide.
The case now is that when I call my form (which is developed by forms developer suite 10g and deployed on the forms server which is SSO enabled) , it calls the SSO module on port 7777 using http (the default behaviour).
on a URL that looks like this :
http://myhostname:7777/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=.......
and gives the error :
( Forbidden
You don't have permisission to access /sso/auth on this server at port 7777)
when I manually change the URL to :
https://myhostname:4443/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=.......
the SSO works correctly.
The question is :
How can I change this default behaviour and make it call SSO on port 4443 using https instead ?
Any ideas ?
Thanks in advance -
I forgot my iPhone 4 device security password? How could I get access?
I forgot my iPhone 4 device security password? How could I get access?
Password for your lock screen or your restrictions? Either way you cannot retrieve it. You can only restore your device as new from recovery mode to get into the phone
http://support.apple.com/kb/HT1212 -
How to limit the number of items in a KPI Status list web part?
How to limit the number of items in a KPI Status list web part? There is no paging option for Business Category Status list or any limit can be made by changing the Item limit in default view unlike other SharePoint List web parts. So How to achieve it?
Kindly help.
Regards,
ZA
zzzSharePointHi,
According your post, I know you would like to set the item display limit in Status List web part.
In the web part, the number of items to display is based on the view which you selected when configuring the web part. The default view for status list is status list view.
However, I am not able to limit the items’ display number of the status list view. After changing the items limit, the list item displayed would not match the number specified by Item Limit. Thus, it is not possible to limit the number
of items in the Status list web part.
It could be a potential issue in SharePoint 2010.
We will log this issue to our suggestion box. As after the submission, we may not have any time guarantee when the fix may be released, but it may come out on next cumulative update.
Appreciate your time and efforts.
Thanks.
Tracy Cai
TechNet Community Support -
How to see lock status of a table ?
Hi,
My question is : how to see the lock status of a table ?
and how to lock a table except run the FM ENQUEUE_TABLENAME?
Is there any transcation that can lock a table ?
thx in advance.Hi Vincent
Via transaction SM12 we can check the lock entries at a particular point of time...
Kind Regards
Eswar -
How to check lock status of field in current document?
Hi,
How to check the status of field in current document(master agreement), that is whether its locked or not.
I locked "Publish to Supplier" checkbox after MA is saved first time. Now, I want to check the status whether this field is locked or not in the same document.
IsLockOwner( ) is not returning the correct value. Its not giving the current document field lock status.
Is there any way to get current document field status?
Thanks,
SaloniHi,
If I understand correctly, your requirement is to get the value of this field "Publish to Supplier on". It can be achieved by writing the below:
isVendorVisible = doc.getExtensionField("VENDOR_VISIBLE").get();
Meaning, if the box is checked, it will return a value = true and if not then false.
Hope this helps,
Regards,
Vikram Shukla -
I keep getting the error message "Could not apply the workspace because the file is locked, you do not have necessary access permissions, or another program is using the file. ..." when I try to open a workspace. Any ideas how to fix the permissions and what file does not have permissions. I am on a Mac.
See here:
CS5 "Locked" -
How can I do to limit the access to modify the materials texts?
Hello,
I need to limit the access to modify the texts of the materials from the transaction MM02. How can I do?
These texts (Basic Data Text) are on "Basic Data 1" view.
Thanks a lot, and best regards.
CarmenHello Carmen,
This can be achieved with limted authorization. Work with basis team.
Regards,
Arif Mansuri
Maybe you are looking for
-
Java Applet painting broken in IE11 and Windows 8.1
When running a Java applet in Internet Explorer 11 window on Windows 8.1, JRE fails to repaint the viewport correctly when the web browser window is resized or scrolled. (assuming the Java Applet has display dimensions larger than the window, necessi
-
Key functional differences between SRM 7 and SRM 5
Dear All, I urgently need to put togther a comparison document thst list key functional differences between SRM 7 and SRM 5. NB. i donot have access to service marketplace. sheena.roberts(AT)yahoo Thanks Edited by: Sheena Roberts on Jan 18, 2011 11:2
-
X3 browser returns "unsupported content type"
Hi guys. I have a problem. My phone was updated with the v 08.54 but now my browser can not access some sites including the Ovi site. It just returns the error "unsupported content type". Please help.
-
Somehow I have an iPhoto Library_2 but none of my earlier photos are there and I can't find them
I have no idea why I have an IPhoto Library_2 - I did not change anything at all and cannot find the original library. I'm missing a lot of pictures from the last three years - any suggestions?
-
Is there a way to access files from an incomplete backup
I returned the phone without realizing my backup was incomplete. Is there anyway to access the files from the incomplete backup? It shows 3.7 gigabytes were backed up.