Skip to Content
avatar image
Former Member

Allowing multiple users to view a spool generated by one user

Hi,

How can I allow multiple users to view a spool generated by one user?

Thanks,

Rishi

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

5 Answers

  • Best Answer
    avatar image
    Former Member
    Jun 18, 2010 at 03:35 PM

    >

    > Hi,

    >

    > How can I allow multiple users to view a spool generated by one user?

    >

    > Thanks,

    > Rishi

    One way to create a role with SP01 and these values ..

    Authorization object S_TCODE - SP01

    Authorization object S_ADMI_FCD with value maybe SP0R.

    Authorization object S_SPO_ACT with field SPOACTION as maybe BASE and DISP and

    Value for Authorization check SPOAUTH as :- User id for which you want them to view spools.

    go through the documentation of auth object S_SPO_ACT and you will understand.

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Jun 18, 2010 at 03:31 PM

    Hi Rishi,

    You need to give access to transaction SP01 with actions SP01:Use of SP01 (all users), SP0R: Spool request management (all users) in authorization object S_ADMI_FCD and also to be controlled by authorization object S_SPO_ACT

    But from Audit point of view, this access need to be restricted as multilple users can view spool of other users

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      Just for the users who needs to see the spool of a specific user create a role with transaction SP01 & SP02

      have the S_ADMI_FCD protected as mentioned by Nishanth Surabh

      make sure to have only one object enabled S_SPO_ACT in case you have multiple auth objects with the same name

      Check for the field names

      SPOACTION

      SPOAUTH

      Focus on SPOAUTH & follow this definition

      The authorization value is compared against the authorizations of the user who executes operations on this request. If the authorization is not sufficient, the operation cannot be executed.

      Authorization values are generally set by the program that generated the data in the spool request.

      If this field contains the initial value, the spool system automatically enters the user name as the authorization value.

      If this field is empty, no authorization check is executed.

      Test 1: perform test without any field value

      Test 2: perform test with *

      Test 3: Perform test with the specific userid

      One of the above should work.

  • avatar image
    Former Member
    Jun 18, 2010 at 08:33 PM

    RK,

    Authorization of transaction SP01 allows users to view spool of any user. If users are given authorization to run only SP02, they will only be able to view their own spools.

    To my knowledge,

    1. If we assign field value user, the user gains authorization to

    access all users spool requests.

    ( Example: *Z_Y:Role contains object S_SPO_ACT *with field value *_user_

    and assigned to user id TEST_1 , *the user TEST_1 has authorization for

    access all users spool request in that particular system .

    2. Other possible way to gain authorization for all users spool request is

    the combination of

    ( Obj: S_SPO_ACT Field Value:LIST

    Obj: S_ADMI_FCD with help of Tcode SP01 - can look at data for every

    spool request of all user.)

    Note: In SU21, look at the object S_SPO_ACT, and hit the "Display Object Documentation" button. It includes

    this: "Users with the authorization value __USER__ can access all

    unprotected requests for all users in the client according to the

    authorized action."

    https://cw.sdn.sap.com/cw/docs/DOC-39413

    Thanks,

    Sri

    Edited by: sri on Jun 18, 2010 4:36 PM

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      My understanding is that if spool requests do not have a SPOAUTH set, then they are unprotected against SPOACTION's of admins but can be accessed by the creator of the spool request, in SP01 and SP02. This is a sy-uname comparison between the creator and the logged on user.

      What is perhaps the goal here is to share certain spool requests with other users? For that you would need to naming convention to work with.

      Much easier is to send the spool request somewhere (if need be to the frontend...) and make it available there for access or distribution.

      Spool requests are not a communication technology in my books, so they should be deleted periodically anyway and in some cases immediately.

      It is usefull to "bounce" some stuff via the spool though.

      Cheers,

      Julius

  • avatar image
    Former Member
    Jun 21, 2010 at 01:38 PM

    Thanks all.

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Jun 21, 2010 at 02:20 PM

    I seems to have a another problem, where it doesn't allow me to view or delete the spool( as it should)however I can print it !!

    Add comment
    10|10000 characters needed characters exceeded