on 08-19-2010 12:23 PM
Hi All,
In the past we have tried to restrict user access to DMS data (on content server) using DOC type/status restriction. Now we are trying to explore the possibilities of restricting users from accessing export control data from a specific content server.
1. Is there a authorization object using which we can define what content server one have access/restriction?
2. If answer is NO is there a standard method industry is following for this?
Suresh.
Authorization Object C_DRAW_TCD (Activities for Documents)
The following table shows authorization object C_DRAW_TCD. This object controls which users can process which document info records, based on a combination of activity and document type.
Fields
Possible Values
Description
ACTVT
(Activity)
01
02
03
06
17
Create
Change
Display
Delete
Maintain number range object
DOKAR
(Document type)
The activities can be executed for the document type.
Authorization Object C_DRAW_TCS (Status Dependent Authorization)
The following table shows authorization object C_DRAW_TCS. This object controls which users can process which document info records, based on a combination of activity, document type, and status.
Fields
Possible Values
Description
ACTVT
(Activity)
01
02
03
06
Create
Change
Display
Delete
DOKAR
(Document type)
The activities can be executed for the document type.
STATUS
(Document status)
Authorization Object C_DRAW_STA (Document Status)
The following table shows authorization object C_DRAW_STA. This object controls which status(es) can be set for which document type.
Fields
Description
DOKAR
(Document type)
The statuses are allowed for this document type.
DOKST
(Document status)
Authorization Object C_DRAW_BGR (Authorization Group)
The following table shows authorization object C_DRAW_BGR. This authorization object allows you to limit access to individual documents.
Fields
Possible Values
Description
BEGRU
(Authorization group)
0000 - ZZZZ
Used to restrict the authorizations for document maintenance further.
Authorization Object C_DRAW_DOK (Document Access)
The following table shows authorization object C_DRAW_DOK. This authorization object controls which original data of a specific document type there are access authorizations for.
Fields
Possible Values
Description
ACTVT
(Activity)
52
53
54
55
56
57
Change application start
Display application start
Display archive application
Change archive application
Display archive
Store archive
DOKAR
(Document type)
Here you enter the document type that access to original data is allowed for.
Authorization Object C_DRAD_OBJ (Object Link)
The following table shows authorization object C_DRAD_OBJ. This object controls which users can process which document info records, based on a combination of activity, object, and status.
Fields
Possible Values
Description
ACTVT
(Activity)
01
02
03
06
Create
Change
Display
Delete
DOKOB
(Object)
You must enter the data base table for the objects here (for example, MARA for material record).
STATUS
(Document status)
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Manoj, Anil, Ravindra and Hopf,
Thank you all for the info offered.
The query was raised during the project proposal stage. Hopf's suggesion seems to be interesting to explore.
Unfortunately we didn't get the project, but I am sure this info would be helpful to others who are seeking info on this.
I am closing this thread.
Again thanking you all,
Suresh Bodhi
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Suresh,
As on today, there is no object in dms roles to restrict the access to content server. Server based restriction functionality is not available in dms.
Hope this will help.
Regards,
Ravindra
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Suresh,
from DMS point of view I can only confirm that there is no standard authorization object to restrict an user to checkin files to a specific storage category or content repository.
But maybe you can use one of the DMS BADIs like DOCUMENT_STORAGE01 with methods BEFORE_PHYSICAL_CHECKIN or BEFORE_CHECKIN coufd be useful to implement an individual check. Here a check should be possible for the userID and the choosen storage category. And so you should be able to allow only specific users to checkin original files to specific storage categories.
Best regards,
Christoph
In DMS we have the above authorization objects...
Please if any of the above is useful for your requirement.
Regards,
Lalit Mohan Gupta
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
102 | |
12 | |
11 | |
6 | |
5 | |
4 | |
4 | |
3 | |
3 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.