06-18-2010 3:55 PM
Hi,
How can I allow multiple users to view a spool generated by one user?
Thanks,
Rishi
06-18-2010 4:35 PM
>
> Hi,
>
> How can I allow multiple users to view a spool generated by one user?
>
> Thanks,
> Rishi
One way to create a role with SP01 and these values ..
Authorization object S_TCODE - SP01
Authorization object S_ADMI_FCD with value maybe SP0R.
Authorization object S_SPO_ACT with field SPOACTION as maybe BASE and DISP and
Value for Authorization check SPOAUTH as :- User id for which you want them to view spools.
go through the documentation of auth object S_SPO_ACT and you will understand.
06-18-2010 4:31 PM
Hi Rishi,
You need to give access to transaction SP01 with actions SP01:Use of SP01 (all users), SP0R: Spool request management (all users) in authorization object S_ADMI_FCD and also to be controlled by authorization object S_SPO_ACT
But from Audit point of view, this access need to be restricted as multilple users can view spool of other users
06-18-2010 6:52 PM
Just for the users who needs to see the spool of a specific user create a role with transaction SP01 & SP02
have the S_ADMI_FCD protected as mentioned by Nishanth Surabh
make sure to have only one object enabled S_SPO_ACT in case you have multiple auth objects with the same name
Check for the field names
SPOACTION
SPOAUTH
Focus on SPOAUTH & follow this definition
The authorization value is compared against the authorizations of the user who executes operations on this request. If the authorization is not sufficient, the operation cannot be executed.
Authorization values are generally set by the program that generated the data in the spool request.
If this field contains the initial value, the spool system automatically enters the user name as the authorization value.
If this field is empty, no authorization check is executed.
Test 1: perform test without any field value
Test 2: perform test with *
Test 3: Perform test with the specific userid
One of the above should work.
06-18-2010 4:35 PM
>
> Hi,
>
> How can I allow multiple users to view a spool generated by one user?
>
> Thanks,
> Rishi
One way to create a role with SP01 and these values ..
Authorization object S_TCODE - SP01
Authorization object S_ADMI_FCD with value maybe SP0R.
Authorization object S_SPO_ACT with field SPOACTION as maybe BASE and DISP and
Value for Authorization check SPOAUTH as :- User id for which you want them to view spools.
go through the documentation of auth object S_SPO_ACT and you will understand.
06-18-2010 9:33 PM
RK,
Authorization of transaction SP01 allows users to view spool of any user. If users are given authorization to run only SP02, they will only be able to view their own spools.
To my knowledge,
1. If we assign field value user, the user gains authorization to
access all users spool requests.
( Example: *Z_Y:Role contains object S_SPO_ACT *with field value *_user_
and assigned to user id TEST_1 , *the user TEST_1 has authorization for
access all users spool request in that particular system .
2. Other possible way to gain authorization for all users spool request is
the combination of
( Obj: S_SPO_ACT Field Value:LIST
Obj: S_ADMI_FCD with help of Tcode SP01 - can look at data for every
spool request of all user.)
Note: In SU21, look at the object S_SPO_ACT, and hit the "Display Object Documentation" button. It includes
this: "Users with the authorization value __USER__ can access all
unprotected requests for all users in the client according to the
authorized action."
https://cw.sdn.sap.com/cw/docs/DOC-39413
Thanks,
Sri
Edited by: sri on Jun 18, 2010 4:36 PM
06-18-2010 9:55 PM
My understanding is that if spool requests do not have a SPOAUTH set, then they are unprotected against SPOACTION's of admins but can be accessed by the creator of the spool request, in SP01 and SP02. This is a sy-uname comparison between the creator and the logged on user.
What is perhaps the goal here is to share certain spool requests with other users? For that you would need to naming convention to work with.
Much easier is to send the spool request somewhere (if need be to the frontend...) and make it available there for access or distribution.
Spool requests are not a communication technology in my books, so they should be deleted periodically anyway and in some cases immediately.
It is usefull to "bounce" some stuff via the spool though.
Cheers,
Julius
06-21-2010 2:38 PM
06-21-2010 3:20 PM
I seems to have a another problem, where it doesn't allow me to view or delete the spool( as it should)however I can print it !!