Hello Shynu John

refer my last post:

IMG>Cross-Application Components>Document Management>Control Data>Define Document Types , see the details (CTRLSHIFTF2) of your document type. In the next screen, in the Field Selection tab, make Authorization Group entry as "Required entry".

Once you have done this.

Follow this:

For the users who belong to Group A, for their SAP log in id, you create authorizations & for the object C_DRAW_BGR 

To carry out this step, you need to discuss with your BASIS cosnultant or Securities consultant.

Authorization Group should be entered against the object C_DRAW_BGR . It's text entry. The user should remember this text (i.e. authorization group code), as it can not be searched by pressing F4 in CV01N.

Go to t-code PFCG and open the role created for the user, for whome you want to give access to this document type & authorization group combination.

Click on Authorization tab, click on Change Authorization Data

In the next screen, drill down in Document Management , then expand Authorization for authorization groups. here you enter the "Authorization group" code . Once you are done, click on Shift+F5 then save & come out.

Like this you can do the same execrise for the other SAP logon ids.

Now in CV01N, when you create new document, you must enter the "Authorization group" code that you entered in roles & authorization.

I hope it's clear to you now.

Good luck.

Dear Shynu John

Is it fixed? let me know.

Thanks

Shynu John

What you can do is, give same Authorzation group to both users for the document type XYZ.

According to your requirement, say, if you want user A to have all rights (create/change/delete) then configure your roles & authorization for the user A accordingly. Now say, you want user B should have display option for this document type. What you can do is, in the roles authorization configuration for userB, you can give authorization group that you have given to user A & in C_DRAW_TCD object, you can give authorization only for display.

But keep in mind, user B can only display the documents created by user A , he can't create doc.

I want to suggest you something, which might solve your issue. I suggest you to have two document types, say, ABC & XYZ

You have two different authorization groups, say, GRP1 & GRP2 .

Now while creating roles & authorization for user A & user B, ensure that both have, GRP1 & GRP2 authorization groups.

Then for user A, give all rights for the object C_DRAW_DOK for Doc type ABC & give only display rights for doc type XYZ .

Similarly you do it for the object C_DRAW_TCD .

The same way, you do for user B.

Now both people can access both the document types. But user A can create/change/delete doc type ABC & display doc type XYZ. Similarly user B can create/change/delete doc type XYZ & display doc type ABC.

I hope this helps you.

Best Regards

Amaresh Makal

Hi Shynu

Please read my comments below:

Is it possible to assign different authorization groups to one document type?

Yes it is possible.

For example, consider document type XYZ. Can this document type be assigned to different authorization groups eg.GR1, GR2 etc. such that all the users in the different authorization groups can create the document using document type XYZ but users in one auhtorization group will not be able to change the document created by the user in another authorization group

This is also possible.

 though they may have the rights to view the documents created by other. note that the document type is the same.

This is not possible. Because create/change/display/ delete rights will be at document type level not at the authorization group wise.

With authorization group, you are creating an extra layer of security. It's a combination of document type & authorization group which decided the rights for a particular user to a particular document type.

create/delete/change/diaply rights are done at the document type level not at the authorization group level.

Say USER 1 belong to authorization Group GR1 & USER 2 belong to GR1 & GR2 both. USER 1 has rights to create/change/display/delete the document type XYZ & USER 2 has rights to display the document type XYZ .

This way USER 2 can see the document created by the people belonging to GR1 group (incluing the documents created by USER1 ). But remeber *USER 2 * will not be able to create document.

Bottom line is, rights to create/change/display/delete a documents is controlled by the authorizations created at document type level not at the authorization group level.

Thanks

Amaresh Makal

Shynu

Go through the following links, They'll help you.

[Control Document Browser and ACL customization|http://wiki.sdn.sap.com/wiki/display/PLM/ControlDocumentBrowserandACL+customization]

[New Functionalities in ERP 2005|http://wiki.sdn.sap.com/wiki/display/PLM/NewFunctionalitiesinERP2005]

[Easy DMS - User Groups|http://wiki.sdn.sap.com/wiki/display/PLM/EasyDMS-UserGroups]

[Manual Actvities for customization|http://wiki.sdn.sap.com/wiki/display/PLM/ManualActvitiesfor+customization]

I hope these links will help you.

Good luck.

Amaresh Makal