User based Authorization for Documents

Hi All,
Is it possible to have following scenario?
1)
There is a folder A. Inside this folder there is a file abc.txt & xyz.txt.
Now User 1 & User 2 both has access to folder A.
User 1 can read / download the file abc.txt & xyz.txt
User 2 can see only the name of the file inside this folder, but he cant download this file. And he can read / download xyz.txt file.
and instead of user can it be given role based also???
like abc.txt can be downloaded only by R&D role and noth any other users.
The main perpose of this feature is to let user know there is a document stored in a particular folder but he can only see the name of this document.
Regards,
Purav

Hi Jitendar,
From permission we can do only read, write, read & write, Full control thats it.
see the scenario I have given.
User2 cant even read the file, he can only see the name of that file.
I have seen the KM Permission link http://help.sap.com/saphelp_nw04/helpdata/en/4c/9d953fc405330ee10000000a114084/frameset.htm
but still counldnt find the solution to my scenario.
Regards,
Purav

Similar Messages

  • User based authorization to create Purchase Orders out of Purchase Req.?

    Hello,
    I have the following requiment for my client:
    User based authorization to create Purchase Orders out of Purchase Req.?
    I am told the same can be achieved using same standard menu path in IMG/Customizing.
    Please advise with the menu path and detials, Usefull answers will be rewarded.
    Thanks

    Using OMET Function Authorization, you can restrict users to create Purchase orders without Purchase Reqn.
    Using OMET trxn code Create one Function Authorixation Called pr and in General Parameters tab Select the Field Selection and in Possible reference Objects Tab Mark the With ref to Prs check box and save.
    Next, you've got to associate via SU01 
    Click Parameters, insert a new parameter id EFB to the authorization code. 
    Type in Parameters value you want e.g. XX 
    You have to assign the control for ALL the SAP buyers via thier SAP users id.
    Logoff and login again. Then try to create a Purchase Order without a reference.
    From Next time whenever you try to create with out referring PR it will not allow you to Save PO.
    Regards,
    Ashok

  • Authorizations for document management

    Hi,
    I'm trying to figure out what every authorization means and which effects it has...
    I created a new user, gave him all the necessary authorizations to use certain transactions in Document management by making a new role/profile for him
    After trying everything out, I still have a few questions:
    - with Authorization for change object link (C_DRAD_OBJ)I have the following properties:
    Activity: change, display
    document type: DRM-DRM
    linked SAP object: *
    document status: *
    I know how to display my object link, but how can I change it? <b>Do they mean with changing the object link, the creating of long text for the link or is there more to it?</b>
    - with authorization for document access (C_DRAW_DOK), I can't figure out what the options "Display Application archive" and "Change application archive" mean.  Which effect does it have when I choose them? Where do I consult the application archive? What is the application archive? => SOLVED
    - Do I also have to give the authorization "Display" when I want to give the authorization to delete something?  How can I delete a document info record without displaying it? =>SOLVED
    - <b>With "Status dependent authorizations for documents" (C_DRAW_TCS) what do the following options do?</b>
            *change application start (which difference with change?)=>SOLVED
    display application start (which difference with display)=>SOLVED
            *<b>request</b>
            *display archive =>SOLVED
            *change archive=>SOLVED
    I know it are a lot of questions but I'm making documentation on the authorization profiles of document management and when I figured those few last things out, I can share my documentation with the rest of you...
    Message was edited by: Vicky Liesens

    Good morning,
    Havent been watching this thread for some time now, so please shout if you do have any questions.
    Just a quick note on deleting documents:
    Setting the deletion indicator will simply mark the DIR for deletion, but, it will still be on the dB.
    After you have set the DIR for deletion, you need to run the program "MCDOKDEL", which has a test mode and a real mode.
    This program will physically delete the documents that you have marked for deletion.
    Regards,
    Freddie Botha
    www.documation.co.za
    SAP DMS, CAD Integration, Data Archiving, Imaging and Scanning and Workflow
    [email protected]

  • Authorization for Document type AA

    Hi,
    I would like to assign authorization for document type AA only(related to FI), let me know how to assign ?
    Urgent ....
    Thanks in advance
    Vijay

    HI,
    You may ask from user to provide you SU53 screenshot or if you know how to simulate the required authorization, you can trace the object using tcode ST01.
    Thanks
    Tarmizee

  • User based authorization

    I have a question about role based authorization. Guess we have 100 transactions and 100 users. I know we have to create a new role for a new combination of transaction list. Ex: 1,2,3,4,14,15 is RoleA and 1,4,25,34 for RoleB and so on. What will it be If we have a really mixed authorization combination. Guess 15 users use A Role and 20 B Role. But we have a three new user. They mustn't use only two transaction in A Role. Now we came subject of my question. I don't want to create a new role for these users. Is it possible to restrict authorization? As if in same role but restricted to use these transactions. (without abap coding) In a clear expression user based transaction authorization, not role based.

    Hi,
    in my opinion that isn't possible without coding.
    Sorry ;-(
    Regards
    Bernd

  • Authorization for Document type in FB60.

    Hello everybody,
    On executing FB60 transaction code,  i want to control the document type entry means
    we have basically 2 types of document V1- Pune vendor bill and V2 Mumbai Vendor bill.
    I have to give V1 document type authorization only for pune location user and V2 for Mumbai location user.
    I had check the object in FB60 but I can't  find the authorization object for document type.
    I tried by creating test role name z:test and assign transaction FB60 in that role. when I assign this role to
    test user he can post both the document type invoice.
    So please suggest  me how to give the authorization for the V1 and V2.
    Thanks

    Hello Ganesh!
    I believe that authorizations object F_BKPF_BLA is what you're looking for. To use it, however, you will first need to define an authorization group for document type you want to protect. This is done in transaction OBA7; select the document type you want to protect, go into details view and define a value for "Authorization Group" field (this is freely defined, you can enter any value you want).
    After you've done this, a check will be performed on auth. object F_BKPF_BLA with the authorization group value you defined for the document type and activity.
    (I've never implemented this in our system, but I'm fairly certain that this will work.)

  • Deny user based policy for a specific computer

    I have a user based policy that deploys software for specific users when they log in to their Windows 7 workstations.  
    Some of these same users also have login access to a test server.  I am trying to prevent the software deployment policies from being processed when users login to this test server.  I have denied the 'read' and the 'Apply group Policy' security settings
    to the test computer, but since it is a user based policy I believe these computer level denies are being ignored.  
    I have looked into loopback processing but I cannot grasp how it would fit in to my environment.     Do I enable the loopback processing in the same policy that deploys the software?  
    Any suggestions?

    Use loopback merge in the policy of the software that I want to keep?  Or in the Policy I want to deny?
    I finally got it to work.
    I moved the computer object to a new OU and blocked inheritance.<o:p></o:p>
    I created a new policy that only has Loopback Policy enabled (replace).
     I linked that new policy to the OU that has the test server.<o:p></o:p>
    I removed any loopback processing settings from any other policies. I left them at 'Not Configured'.<o:p></o:p>
    For the software I was trying to block I modified its security permission to read DENY for the computer object (Computer Name) of the test computer
    .  ('Apply group policy' was left blank).<o:p></o:p>
    I then linked all other software deploy policies to this new OU and modified the security filtering from authenticated users to whichever users specifically
    needed the software.<o:p></o:p>
    Ran Gpresult /R /scope computer and verified that the only computer policy the server was receiving was my loopback policy<o:p></o:p>
    Reboot test server.
    <o:p>Thanks everybody for your help!</o:p>

  • User level Authorization for SSO by using SOAP Sender

    Hi,
    Scenario : Non-SAP to PI 7.31 using SOAP Sender adapter.
    Authentication we need to go for user based level at the receiver system where the information shall be passed from the sender (non-SAP) and also we 're using Single Sign On method for this interface.
    Note : Previously we achieved this through WS-RM using SAML certificates, but this adapter doesn't support in PI7.31 single stack since we have option only by using SOAP adapter.
    Please suggest how can i achieve this for my current landscape.
    Thanks for your help.
    Warm regards,
    Ram.

    Hi!
    The SOAP Adapter itself has no queueing mechanism. But the PI has one if you work asynchronously.
    To pick files it may be helpful to use the Axis Framework of SOAP Adapter whre you can add your own adapter modules.
    Very helpful tips concerning the SOAP Adapter can be found in the SAP Note 856597 (FAQ SOAP Adapter XI 3.0 Pi 7.0 PI 7.1).
    For Axis Adapter FAQ refer to SAP note 1039369
    Hope this helps.
    Regards,
    Volker

  • Region based authorization for user in crm

    hi
    In our project, there is a requirement that CRM users should be able to access master & transactional data related to a region for which they are responsible.
    I was told that it can be achieved using PPOMA. I have defined org units for region and assigned positions to it. But I don't know how to proceed further.
    Please help me in resolving this.
    thanx & regards
    hits

    i'm fairly sure that solely using PPOMA/E will not do the trick. what you can do there is implement the structure of your organization and attach roles to either org units or positions. after that you attach users to the positions so that they will have the access to the authorizations that stick to that position. additionally you might want to put some roles to the org units to establish an interitance from org unit to position to user. this is very nice for the 'overall' basis role everybody needs.
    but now for your question. the elements that represent your 'regions' must be someplace in the role - preferably in the organizational levels of that role - like say: a plant or purchasing group or sales unit or such - the relation from that organization level to the user will be drawn manually by your attaching the role to a position (or org unit). the emphasis here is with 'manually' - so you do it.
    so. this all goes for ERP, but not necessarily for CRM. since i know next to naught about CRM it might be different there but i very much doubt it, since you could ALE-distribute your users/org-scheme to - say: a CRM system belonging as a child to a CUA so necessarily it would have to follow the same structure. mind you: i might be wrong ...

  • User Based Authorization with ISE

    I am trying to configure ISE to limit the activitiy of individual users once they have logged in from an authorized PC into our netowrk. We basically only want them to be able to connect to specific systems. Is ISE able to do this on a per user basis?

    Yes.
    One of the things you can do via your Authorization policy is to push a downloadable ACL (dACL) to the port (for wired users). For wireless users you can apply a pre-defined Airespace ACL from the WLC to the user session. 

  • Authorization for documents display in query navigation

    Hello
    I defined a document linked to my masterdata on BI 7.0.
    The query is flagged "Displaying Document Links " on the masterdata, and everything goes well in the navigation as I have SAP_ALL.
    But my users are not abble to see that document link !
    I already set the authorisation object S_RS_ADMWB  in their profile but nothing appends...
    Can anyone help me ?
    Tnahk u

    The authorization objects are :
    u2022     S_RS_IOMAD
    u2022     S_BTCH_JOB

  • User level authorization for process order

    Hi,
    Greetings for the day.
    As we all know that there are three main screen of process order
    1. Header Data
    2. Operations data
    3. Materials Data
    Now, we want to restrict the users to access the screen as below. (T-Code: COR1 & COR2)
    Header
    PP, MM, QM Users can change
    Operations
    PP, QM Users can change, MM user can display only
    Materials
    MM, QM Users can change, PP user can display only
    How can we achieve this?
    Please guide me.

    Hi
    Yes, that is impossible to control that way in standard, so I think you may consider the the user exits to write your own source codes to check the changes done by user and prohibit the save.
    PPCO0018  Check for changes to production order header
    PPCO0019  Checks for changes to order operations
    PPCO0008  Enhancement in the adding and changing of components
    Regards.
    Leon.

  • Restrict the user   based on document type on migo transaction-prepare GRN

    Hi,
    We are running ECC6.0 R/3 system.We had a requirement as follows
    In MIGO transaction , we want to restrict the user on document type i.e. we want that a particular user can  prepare GRN for document type  STO only. He cannot prepare GRN for other document type.
    We checked  SU24->maintain check indicators for transaction codes->enter migo->execute->check indicator.This returned us the authorisation objects present in Migo transaction.We checked the help of all these objects,but none of them we found suitable for above mentioned requirement.We were planning to find out the proper authorisation object to add to Profile generater.
    The following is the objects which we have checked for.
    A_B_ANLKL-->     Asset Postings: Company Code/Asset Class
    A_B_BWART-->     Asset Postings: Asset Class/Transaction Type
    B_USERSTAT-->     Status Management: Set/Delete User Status
    B_USERST_T-->     Status Management: Set/Delete User Status using Process
    C_AFKO_AWK-->     CIM: Plant for order type of order
    C_CACL_DSG-->     Interface Design
    C_DRAW_BGR-->     Authorization for authorization groups
    C_DRAW_DOK-->     Authorization for document access
    C_DRAW_TCD-->     Authorization for document activities
    C_DRAW_TCS-->     Status-Dependent Authorizations for Documents
    C_KLAH_BKP-->     Authorization for Class Maintenance
    C_STUE_BER-->     CS BOM Authorizations
    C_STUE_WRK-->     CS BOM Plant (Plant Assignments)
    C_TCLA_BKA-->     Authorization for Class Types
    C_TCLS_BER-->     Authorization for Org. Areas in Classification System
    C_TCLS_MNT-->     Authorization for Characteristics of Org. Area
    F_BKPF_BUK-->     Accounting Document: Authorization for Company Codes
    F_BKPF_BUP-->     Accounting Document: Authorization for Posting Periods
    F_BKPF_KOA-->     Accounting Document: Authorization for Account Types
    F_FICA_FOG-->     Funds Management: authorization group of fund
    F_FICA_FSG-->     Funds Management: authorization group for the funds center
    F_FICB_FKR-->     Cash Budget Management/Funds Management FM Area
    F_KNA1_APP-->     Customer: Application Authorization
    F_LFA1_APP-->     Vendor: Application Authorization
    F_SKA1_BUK-->     G/L Account: Authorization for Company Codes
    G_GLTP  -->       Spec. Purpose Ledger Database (Ledger, Record Type, 
                                   Version)
    J_1IDEP_SL-->     Authorization object for depot sale transaction
    J_1IEXC_OT-->     Authorization object for Other Excise Invoice Create
    J_1IEX_PST-->     Autorization object for posting Other Excise invoice
    J_1IGRPT1-->     Auth. for PART1 at GR
    J_1IINEX  -->            Incoming Excise Invoice
    J_1IRG23D-->     Authorisation object for Depo Transactions
    K_CCA-->                     CO-CCA:  Gen. Authorization Object for Cost Center 
                                    Accounting
    K_CSKS     -->                CO-CCA:  Cost Center Master
    K_CSKS_SET-->     CO-CCA: Cost Center Groups
    K_PCA-->                    EC-PCA: Responsibility Area, Profit Center
    L_TCODE-->                    Transaction Codes in the Warehouse Management System
    M_ANFR_BSA-->     Document Type in RFQ
    M_ANFR_EKG-->     Purchasing Group in RFQ
    M_ANFR_EKO-->     Purchasing Organization in RFQ
    M_ANFR_WRK-->     Plant in RFQ
    M_BEST_BSA-->     Document Type in Purchase Order
    M_BEST_EKG-->     Purchasing Group in Purchase Order
    M_BEST_EKO-->     Purchasing Organization in Purchase Order
    M_BEST_WRK-->     Plant in Purchase Order
    M_MATE_CHG-->     Material Master: Batches/Trading Units
    M_MATE_STA-->     Material Master: Maintenance Statuses
    M_MATE_WRK-->     Material Master: Plants
    M_MRES_BWA-->     Reservations: Movement Type
    M_MRES_WWA-->     Reservations: Plant
    M_MSEG_BMB     -->Material Documents: Movement Type
    M_MSEG_BWA-->     Goods Movements: Movement Type
    M_MSEG_BWE-->     Goods Receipt for Purchase Order: Movement Type
    M_MSEG_BWF-->     Goods Receipt for Production Order: Movement Type
    M_MSEG_LGO-->     Goods Movements: Storage Location
    M_MSEG_WMB-->     Material Documents: Plant
    M_MSEG_WWA-->     Goods Movements: Plant
    M_MSEG_WWE-->     Goods Receipt for Purchase Order: Plant
    M_MSEG_WWF-->     Goods Receipt for Production Order: Plant
    M_RAHM_BSA-->     Document Type in Outline Agreement
    M_RAHM_EKG-->     Purchasing Group in Outline Agreement
    M_RAHM_EKO-->     Purchasing Organization in Outline Agreement
    M_RAHM_WRK-->     Plant in Outline Agreement
    Q_TCODE     QM -->         Transaction Authorization
    S_ADMI_FCD-->     System Authorizations
    S_ALV_LAYO-->     ALV Standard Layout
    S_BDS_DS-->     BC-SRV-KPR-BDS: Authorizations for Document Set
    S_BTCH_ADM-->     Background Processing: Background Administrator
    S_BTCH_JOB-->     Background Processing: Operations on Background Jobs
    S_CTS_ADMI-->     Administration Functions in Change and Transport System
    S_DATASET-->     Authorization for file access
    S_DEVELOP-->     ABAP Workbench
    S_DOKU_AUT-->     SE61 Documentation Maintenance Authorization
    S_GUI-->                     Authorization for GUI activities
    S_OC_DOC-->     SAPoffice: Authorization for an Activity with Documents
    S_OC_ROLE-->     SAPoffice: Office User Attribute
    S_OC_SEND-->     Authorization Object for Sending
    S_PACKSTRU-->     Internal SAP Use: Package Structure
    S_PRO_AUTH-->     IMG: New authorizations for projects
    S_RFC-->                     Authorization Check for RFC Access
    S_SCD0     -->                Change documents
    S_SPO_DEV-->     Spool: Device authorizations
    S_TABU_DIS-->     Table Maintenance (via standard tools such as SM30)
    S_TCODE     -->                Transaction Code Check at Transaction Start
    S_TRANSLAT-->     Translation environment authorization object
    S_TRANSPRT-->     Transport Organizer
    S_WFAR_OBJ-->     ArchiveLink: Authorizations for access to documents
    V_LIKP_VST-->Delivery: Authorization for Shipping Points
    V_VBAK_AAT-->Sales Document: Authorization for Sales Document Types
    V_VBAK_VKO-->Sales Document: Authorization for Sales Areas

    Have you executed a trace while a functional user executes the transaction code for the specific parameters? (i.e. document type). The trace will then show which objects are being checked; then look at the object documentation in txn Su21 to determine if there are any ways to restrict on the particular value; in some cases, if the authorization group field is being checked, additional configuration is needed in order to implement the security (Su21 will explain in detail for the particular object).

  • BASIS--to restrict authorization for a PO document type & 122 movement type

    Dear All,
    Plz guide me how to restrict authorization for a PO document type & for a movement type 122 i.e. for eg. if a user has authorization for PO document type IC then he should not be able to rum movement type 122 for any T-code he runs.
    Thanks in advance
    Arpit
    Basis

    Hi,
    Your request was not too clear to me.. As per my unde
    Here is some details of Authorization object related to Purchase Order:
    Document Type in Purchase Order( M_BEST_BSA )
    Purchasing Group in Purchase Order (M_BEST_EKG )
    Purchasing Organization in Purchase Order  (M_BEST_EKO)
    Plant in Purchase Order  (M_BEST_WRK )
    Document Type in Outline Agreement (M_RAHM_BSA )
    Purchasing Group in Outline Agreement (M_RAHM_EKG )
    Purchasing Organization in Outline Agreement ( M_RAHM_EKO )
    Plant in Outline Agreement ( M_RAHM_WRK )
    This can be helpfull to you to restrict authorization to PO..
    In Organization Level, it can be restricted by Purchasing group, Purchasing organization and plant..
    Regards,
    Sandip

  • Authorization control for document status

    Dear All,
    I want to control the status change of Documets created,
    How can i achieve this, so that a perticular user /ID can change the perticular status,
    I have ,
    01
    02,
    03,
    04, Rel.
    05,
    Do i need to put some trace anf find Objects to control...
    or there is any standard method to do this..
    Please guide me..
    Regards
    Raghu

    Hi Raghu,
    Here are DMS authorizatoins objects. For handle status it should be C_DRAW_STA
    C_DRAD_OBJ          Create/Change/Display/Delete Object Link                         
    C_DRAW_BGR          Authorization for authorization groups                         
    C_DRAW_DOK          Authorization for document access                         
    C_DRAW_MUP          Authorization for Markups                         
    C_DRAW_STA          Authorization for document status                         
    C_DRAW_TCD          Authorization for document activities                         
    C_DRAW_TCS          Status-Dependent Authorizations for Documents                         
    C_DRZA_TCD          Document Distribution: Authorization for Recipient Lists                         
    C_DRZI_TCD          Document Distribution: Authorization for Distribution Order                         
    S_ECL_CAT          ECL Viewer: Authorization Object for Stamp Categories                         
    S_ECL_STP          ECL Viewer: Authorization Object for Printing with Meta Data                         
    S_ECL_STP2          ECL Viewer: Authorization Object for Printing with Meta Data                         
    Hope that it will help you
    //Håkan

Maybe you are looking for

  • Error while opening list workflow in SharePoint designer 2010

    Hi, I am trying to open list workflow in SharePoint designer 2010,its showing me the following page. Please help me how will be able to edit the workflow. While i click on "export to visio",its showing the error as "SharePoint designer encountered an

  • Box in a main window in sapscript

    Hello Forum! In my sapscript there's a window MAIN with BOX FRAME. This window is in a first and next page, but the box only appears in the first page, not in the others. Anybody knows what I shound be change? I need the box always appears (in all pa

  • Extractor upgrade BW 3.5 - CRM 5.0

    Hello Last year we upgraded from CRM 3.0 to CRM 5.0 but due to time constraints we didn't upgrade the CRM BCT extractors. Today we´re having general problems with extraction from the CRM systems and we know for a fact that some of our extractors runs

  • Editing ABAP FM for ESS

    Hello Frnds, We have a requirement in Benifits --> Open Enrollment --> Medical plan --> Edit Plan. We don't want to show one plant type. We thought of filtering at abap side only. I found out in trace that from ESS FM HR_BEN_ESS_RFC_OFFER_DETAILS is

  • Camera Raw 5.0 and Apple iPhoto

    I have an issue opening raw photos saved in iPhoto... I have upgraded to Photoshop CS4 and now I can not drag my RAW photos (taken with a Canon Rebel XTi) to PS CS4 and have them open in camera raw. This worked perfect with PS CS3. If I use the OPEN