cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

CV04n showing DIRs without proper ACL rights

Go to solution
Former Member

on ‎09-08-2016 12:07 PM

0 Kudos

Hi all!

I have following request from my customer.

In CV04N transaction for searching DMS info records one can see a DIR with ACL right defined, even if he/she has no right given for this particular indo record. In EasyDMS interface everything is working OK, and user can't see documents without proper ACL right.

Is there a way to CV04N behave just like EasyDMS interface program, so one can't see DIRs with defined ACL rights but without proper ACL right given?

Tnx in advance,

Rgs

Viliam

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎09-08-2016 2:58 PM
0 Kudos

I was wrong. Even EasyDMS is showing DIRs for users without proper ACL right defined. But it shouldn't.

"Authorization group" functionality behaves that way. If user doesn't have proper "Authorization group" right, then DIR is not showing in EasyDMS, and that is correct behaviour.

Rgs,

Viliam

Show replies
Show replies
christoph_hopf
Advisor
Advisor
‎09-09-2016 8:52 AM
0 Kudos

Hi Viliam,

the search in CV04N does not trigger any permission checks and so all suitable documents are listed in the result list. The checks are made as soon as you try to display a single document from the result list. This design with made to keep search performance high and deliver a result in less time.

If you want to have some permission checks before getting the result you can use BADI DOCUMENT_MAIN01 and method AFTER_SEARCH_DATA.

Best regards,

Christoph

Former Member
‎09-09-2016 9:01 AM
0 Kudos

There is an enhancement note to consider authorization object C_DRAW_BGR in CV04N transaction, and this is working properly. So it would be a nice feature to add similar functionality for ACL authorizations also.

In my opinion, security and authorizations are primary focus in DMS area.

Anyway, i'll speak with my abap team.

Tnx for your kind answer.

Rgds,

Viliam

christoph_hopf
Advisor
Advisor
‎09-09-2016 9:28 AM
0 Kudos

Hi Viliam,

I see your point of view and I can only tell you that a lot of customer prefer to have a search as fast as possible and if you search for a huge number of documents the authorization checks are consuming much time.

Especially the ACL checks would be critical because here the inheritance of ACL permissions needs to be checked as well which involves again more documents then required for the search result.

Best regards,

Christoph

Answers (0)

Ask a Question