Authorization Check for the Generic Service Provider Back End

Use

Activities for elements that are based on the back end of the generic service provider (records, documents, document templates, notes, administration data of paper documents, record models, and file plans) are linked to authorizations.

Authorization Objects

The following authorization objects exist:

  • S_SRMGS_DC: Refers to documents (as collections of versions and variants).

  • S_SRMGS_VV: Refers to versions and variants

  • S_SRMGS_PR: Refers to attribute values for documents

  • S_SRMGS_CT: Refers to document content

Fields in the Authorization Objects

All four authorization objects have the authorization fields described below:

ACTVT

You can use this field to restrict authorization to particular activities. Enter the activity numbers of the activities that are to be allowed.

The following table shows an overview of the activities for which you can check the authorization in each authorization object. The activity number is in brackets after the name of the activity.

Authorization Object

->

Activities

S_SRMGS_DC

(relates to documents)

S_SRMGS_VV

(relates to versions and variants)

S_SRMGS_PR

(relates to attribute values for documents)

S_SRMGSP_CT

(relates to document content)

Add or create (01)

X

X

X

X

Determine (30 )

X

Display (03)

X

X

Change (02)

X

Delete (06)

X

X

X

Transport (21)

X

Open Consolidated Group Processing (PC)

X

Close Unit Processing (PD)

X

SPS_ID

Entries in this field restrict the authorization to a particular element type. Enter an element type ID.

SRM_MODEL

Entries in this field restrict the authorization to records of a particular record model. Enter the unique name of a record model.

DOCUMENTID

Entries in this field restrict authorization to a particular element. Enter the unique document ID.

In addition to the fields listed above, authorization object S_SRMGS_PR also has the following fields:

PROPGROUP

Entries in this field restrict the authorization to attribute values in a particular attribute group. Enter the name of an attribute group.

Attributes can be divided into groups. You can create groups of your choice for a particular content model in the Document Modelling Workbench. The attribute is called SRM_PROPGROUP.

PROPNAME

Entries in this field restrict the authorization to particular attribute values. Enter the name of an attribute.

Example of an Authorization Profile

You want to authorize the user to create records, and to select a record model for creating records, but not to change record models. You also want to allow the user to display his or her file plans, but not to change them. There are no authorization restrictions for any other Records Management documents.

You need to set up the following authorization profile for this user:

  1. Authorize the editing of records, documents, notes, and administration data of paper documents.

    Enter the following values in all four authorization objects:

    • SPS_ID: All element types for records, documents, notes, and administration data for paper documents.

    • All other fields: *.

  2. Prohibit editing of the record model and the file plans.

    In the authorization object S_SRMGS_DC, enter the following values:

    • SPS_ID: All element types for record models and file plans

    • ACTVT: Search.

    • All other fields: *.

    Do not make any entries in authorization object S_SRMGS_VV.

    In authorization object S_SRMGS_PR, make the following entries.

    • SPS_ID: All element types for record models and file plans

    • ACTVT: Display.

    • All other fields: *.

    In authorization object S_SRMGS_CT, make the following entries:

    • SPS_ID: All element types for record models and file plans

    • ACTVT: Display

    • All other fields: *.