You can control the access rights to documents in the project by assigning authorizations for groups of documents, e.g. you can specify that only the project management can change documentation templates.
Note
The system saves Solution Manager project documents in Knowledge Warehouse folders. Access to Knowledge Warehouse folders is controlled by the authorization object S_IWB, which is in the roles SAP_SOL_KW_ALL and SAP_SOL_KW_DIS, and in the Solution Manager composite roles.
You have role (transaction PFCG) and user maintenance authorization.
You only need to activate the authorization check if projects were created in your Solution Manager system before Support Package ST 310 SP11. The authorization check is automatically active if your Solution Manager system only contains projects which were created after importing this Support Package, or in higher Solution Manager versions.
To activate the authorization check for documents in your Solution Manager, run the report SOLAR_FOLDER_CHECK_AND_CREATE once.
The Knowledge Warehouse authorization check is based on folder groups. The report creates a folder group with the same name for each project folder. When you activate the authorization check, the system automatically creates a folder group with the same name for each folder in all new projects.
For further information about the folder groups used in the SAP Solution Manger, see Document Repository.
Processing form |
Attributes |
Authorization |
---|---|---|
Read (restricted) Show section |
Display only documents which have the status values specified in the IMG, e.g. no display in status Review, display in status Released |
Role SAP_SOL_RE_COMP, authorization object S_IWB, activity 33 |
Edit |
Full authorization to display, change and delete documents |
Role SAP_SOL_KW_ALL, authorization object S_IWB, activity 02 |
Display |
Display all documents, regardless of the document status values specified in the IMG |
Role SAP_SOL_RO_COMP authorization object S_IWB, activity 03 |
Copy the roles SAP_SOL_KW_ALL and SAP_SOL_KW_DIS in the Role Maintenance
(transaction PFCG).
Assign the ID of your project in the copied role in the field Folder Group
.
Choose the authorization for your project in the field Activity
.
Caution
Do not change the default values in the field Area
.
Remove the authorization object S_IWB from the composite roles of the Solution Manager.
Assign the changed individual roles to the project team members.
You can assign restricted read authorization, which only displays versions of a document with specified status values, with the role SAP_SOL_RE_COMP. You can specify which status values can be displayed with restricted read authorization, in the IMG.
Example
You can specify that a user with the role SAP_SOL_RE_COMP can only display documents with the status Released
, but not with status Review
.
For further information about authorizations, see the SAP Solution Manager Security Guide.