You can use this function to control which user roles are allowed to display and edit documents that are attached to a business transaction.
Example
For Service Request Management, you want to use this function to control the access to documents that are attached in the Attachment
assignment block. The service requester should be able to do the following:
Attach documents
Open attached documents that are classified as Information for customer
He or she should not be able to open documents that are allowed for internal use only.
A button with a paperclip icon in the work area toolbar indicates that attachments are assigned to a service request. Choose the icon to navigate directly to the attachments assignment block.
You have activated the business function Content and Text Management (CRM_ITSM_COM).
If you do not activate the business function, every user can create, display, and edit attachments.
For the authorization domain ATTACHMENT-BTX
, you have defined different authorization scopes in Customizing of Customer Relationship Management
under
In the standard, no authorization scopes are assigned to the authorization domain ATTACHMENT-BTX
. If you do not define the authorizations
scopes, the system does not check the authorizations. This also applies if you delete the authorization domain.
Note
This function does not call the Business Add-In CRM_DOC_AUTHORITY
that is described in Customizing of Customer Relationship Management
under
You have added the authorization object CRM_AUTHSC
to the required user roles (transaction PFCG).
To control the access to attachments, you define in Customizing different authorization scopes for the authorization domain ATTACHMENT-BTX
. By editing an attachment in the Attachments
assignment block, the users assign the appropriate
authorization scope.
Example
You create the following authorizations scopes related to the different needs of the target groups:
Information for agent
Information for customers
Internal message
Confidential
In the authorization object CRM_AUTHSC
, you can define for each authorization scope, which activities the users are allowed to carry out.
Example
For Service Management purposes, you create the authorization scope Information for agent
. The service requester can use attachments with this authorization scope to add additional information for the service personnel. The service requester should be able to
create, change, edit, and delete this attachment.
The following authorization levels are available with authorization object CRM_AUTHSC
:
Display: The user can open attached documents.
Create or generate: The user can attach a document and define its authorization scope.
Change: The user is able to change the properties of an attachment, including the authorization scope.
Delete: The user can remove the reference to the attached document.
Authorization object CRM_AUTHSC
The following table describes the authorization object Authorization Scope
(CRM_AUTHSC
).
Field |
Description |
Activity |
Describes, what the users are allowed to do. |
Authorization domain |
ATTACHMENT-BTX |
Authorization Scope |
Use the value help to get the authorization scopes that you have defined in Customizing. |
If a user does not have the required authorization, the system works as follows:
Display: The reference to the document is not displayed in the attachment's list.
Create or generate, change, and delete: The authorization scope is not available in the input help of the field.