The Authorization Concept for the Generic Service Provider
Activities carried out on elements of the generic service provider (records, documents, notes, administration data of paper documents, record models, file plans) are linked to authorizations.
Authorization Objects
The following authorization objects exist:
Fields of the authorization objects
All four authorization objects have the authorization fields described below:
ACTVT
You can use this field to restrict authorization to particular activities. Enter the activity numbers of the activities to be allowed as the parameter values.
The following table shows an overview of the activities for which you can check the authorization in each authorization object. The activity number is in brackets after the name of the activity.
|
Authorization object è
Activities |
S_SRMGS_DC (relates to documents) |
S_SRMGS_VV (relates to versions and variants) |
S_SRMGS_PR (relates to attribute values for documents) |
S_SRMGSP_CT (relates to document content) |
|
Create (01) |
X |
X |
X |
X |
|
Find (30 ) |
X |
|||
|
Display (03) |
X |
X |
||
|
Edit (02) |
X |
|||
|
Delete (06) |
X |
X |
X |
|
|
Transport (21) |
X |
Notes for authorization object S_SRMGS_DC
Authorization for the activity Create is only effective if you create the same authorization for versions, variants and attribute values.
Authorization for the activity Delete is only effective if you create the same authorization for versions and variants (do not create delete authorization for attribute values).
The authorizations for the activities Search and Transport relate to the document with all its associated versions and variants.
Notes for authorization object S_SRMGS_VV
Authorization for the activity Edit is not included, because editing document content using the activity Create in the authorization object S_SRMGSP_CT, is the same as editing attribute values using the activity Edit in the authorization object S_SRMGS_PR.
SPS_ID
You can use this field to restrict the authorization to a particular element type. Enter an element type ID as a value.
SRM_MODEL
You can use this field to restrict the authorization for records of a particular record model. Enter a unique record model ID.
DOCUMENTID
You can use this field to restrict the authorization for a particular element. Enter a unique document ID as a parameter value.
The authorization object S_SRMGS_PR has the fields listed above as well as the following:
PROPGROUP
You can use this field to restrict the authorization to attribute values from a particular attribute group. Enter the name of an attribute group as a value.
Attributes can be classified into groups. You can set the classification for a content model in the Document Modeling Workbench. The attribute is called SRM_PROPGROUP.
PROPNAME
You can use this field to restrict authorization to individual activities. Enter the name of an attribute value.
Example of an authorization profile
You want to authorize the user to create records, and to select a record model for creating records, but not to change record models. You also want to allow the user to display his or her file plans, but not to change them. There are no authorization restrictions for any other Records Management documents.
You need to set up the following authorization profile for this user:
Enter the following values in all four authorization objects:
In the authorization object S_SRMGS_DC, enter the following values:
In the authorization object S_SRMGS_VV, do not enter any values:
In the authorization object S_SRMGS_PR, enter the following values:
In the authorization object S_SRMGS_CT, enter the following values: