Visibility of Attachments

You can use this function to control which user roles are allowed to display and edit documents that are attached to a business transaction.

Example Example

For Service Request Management, you want to use this function to control the access to documents that are attached in the Attachment assignment block. The service requester should be able to do the following:

Attach documents
Open attached documents that are classified as Information for customer

He or she should not be able to open documents that are allowed for internal use only.

End of the example.

A button with a paperclip icon in the work area toolbar indicates that attachments are assigned to a service request. Choose the icon to navigate directly to the attachments assignment block.

Prerequisites

You have activated the business function Content and Text Management (CRM_ITSM_COM).

If you do not activate the business function, every user can create, display, and edit attachments.
For the authorization domain ATTACHMENT-BTX, you have defined different authorization scopes in Customizing of Customer Relationship Management under Transactions Basic Settings Define Authorization Scopes for attachments.
In the standard, no authorization scopes are assigned to the authorization domain ATTACHMENT-BTX. If you do not define the authorizations scopes, the system does not check the authorizations. This also applies if you delete the authorization domain.

Note
This function does not call the Business Add-In CRM_DOC_AUTHORITY that is described in Customizing of Customer Relationship Management under Basic Functions Content Management Business Add-Ins (BAdIs) BAdI: Authorization Check on Document Level.

End of the note.
You have added the authorization object CRM_AUTHSC to the required user roles (transaction PFCG).

Features

To control the access to attachments, you define in Customizing different authorization scopes for the authorization domain ATTACHMENT-BTX. By editing an attachment in the Attachments assignment block, the users assign the appropriate authorization scope.

Example Example

You create the following authorizations scopes related to the different needs of the target groups:

Information for agent
Information for customers
Internal message
Confidential

End of the example.

In the authorization object CRM_AUTHSC, you can define for each authorization scope, which activities the users are allowed to carry out.

Example Example

For Service Management purposes, you create the authorization scope Information for agent. The service requester can use attachments with this authorization scope to add additional information for the service personnel. The service requester should be able to create, change, edit, and delete this attachment.

End of the example.

The following authorization levels are available with authorization object CRM_AUTHSC:

Display: The user can open attached documents.
Create or generate: The user can attach a document and define its authorization scope.
Change: The user is able to change the properties of an attachment, including the authorization scope.
Delete: The user can remove the reference to the attached document.

Authorization object CRM_AUTHSC

The following table describes the authorization object Authorization Scope (CRM_AUTHSC).

Field	Description
Activity	Describes, what the users are allowed to do.
Authorization domain	ATTACHMENT-BTX
Authorization Scope	Use the value help to get the authorization scopes that you have defined in Customizing.

If a user does not have the required authorization, the system works as follows:

Display: The reference to the document is not displayed in the attachment's list.
Create or generate, change, and delete: The authorization scope is not available in the input help of the field.