cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP DMS / How to restrict the display of Document with using Authorization group

Go to solution
Former Member

on ‎10-07-2015 10:54 AM

0 Kudos

Hi Experts

Need your help urgently.

We want to restrict the display of documents in SAP DMS.

i.e Document created by the User A who works on project 123 should not be seen by the User B who works on project 456.

I heard it can be achieved using "Authorization group field" in DIR.

So i have followed the below procedure.

1.  Created X ROLE and assigned to User A.

2.  In that 123 given as BEGRU value in AUTHORIZATION Object C_DRAW_BGR.

3.  Created Y ROLE and assigned to User Person B.

4.  In that 456 give as BEGRU value in AUTHORIZATION Object C_DRAW_BGR.

So User A created a DIR with giving 123 in Authorization group field.

But still User B is able to see the the document created by User A.

I am not getting how resolve this issue.

Could you please help me on this.

I would appreciate your support and reward immediately your work.

Its very urgent.

You can give me your email id, so that i can send an email if my question is not clear.

Regards

KB

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

former_member185558
Active Participant
‎10-08-2015 4:52 PM

Hey Balaji.

I believe Auth Grp wont work with Random inputs.

You need to decide security Model for whole of your DMS

e.g. two Groups 123 and 456

and use it as additional authorization  over type and status in your PFCG role.

Mind this once you decide the auth groups you need create additional roles and assign them to users.

this should be one time type of exercise.

Hope this is ok

Niketan

Show replies
Show replies
Former Member
‎10-13-2015 5:11 PM
0 Kudos

Hi Niketan

Thanks for your reply.

Could you please explain in detail?

former_member185558
Active Participant
‎10-13-2015 9:28 PM
0 Kudos

Hi Balaji,

I think this should work

Go to Transaction

S_BCE_68001396

give authorization object C_DRAW_BGR

Double click on User B

Highlight Own Profile and click Selectively Expand Subtree & Execute

This should look like below

from this you should clearly get what user B is allowed and what user A is allowed and make right changes.

Hope this helps

Regards

Former Member
‎10-14-2015 11:41 AM
0 Kudos

Hi Niketan

It is working.

Thank you very very much.

Appreciate your time and knowledge.

Answers (2)

Answers (2)

Former Member
‎10-14-2015 12:17 PM
0 Kudos

Thank you Nayeem and Niketan.

Show replies
Show replies
Former Member
‎10-07-2015 11:23 AM
0 Kudos

Hi,

As per the authorization group and auth object maintained is correct, There may be chances that some roles for auth object C_DRAW_BGR will have "*" . test the role individually or check the SUIM t code by giving the auth object.


Revert with the impact.



Rgds,

Nayeem.

Show replies
Show replies
Former Member
‎10-07-2015 11:40 AM
0 Kudos

Hi Nayeem

Thank you for your quick reply.

Can i have your email id so  that i can share the screenshot.

Thank you very much in advance.

Regards

KB

Former Member
‎10-07-2015 11:52 AM
0 Kudos

Former Member
‎10-07-2015 12:02 PM
0 Kudos

Thank  you very much.

I have mailed the relevant screenshot.

Hope an early reply.

Regards

KB

Ask a Question