
 Inheritance

Use

During the authorization check for an object, the system determines whether a user has specific authorizations for the object.

If no authorization is defined for the user for an object, the system follows the authorization path along the object hierarchy up to the top node. If no authorizations are found here, the user has no authorization of any kind for the selected object (see also Checking for ACLs).

Note

New objects for which no authorization has been created can still be displayed if you activate parameter AUTH_VISIBLE under Define User Group in Customizing for SAP Easy Document Management. This setting applies system-wide.

End of the note.

When you define authorizations for an object, the system gives the relevant folder an access control list (ACL). This ACL applies to all subfolders. If a new ACL is created for one of these subfolders, it applies to all subfolders from this node onwards.

The implementation of local administrator authorizations for the owner of a folder or document means that when you create a new folder or document, a new ACL is created for the object. This ACL contains at least administrator authorizations for the owner.

Note

Changes to the authorizations can only be made to objects for which the user has administrator authorization.

Authorizations from superior objects are inherited by subordinate objects up to the point at which they are overridden by a new, local authorization for the user. Authorizations for the user are inherited in the same way.

End of the note.

Features

Authorizations are inherited top-down and can be overridden at lower levels. For linked documents, the ACLs of the original documents or their superior folder apply. You can assign a separate ACL to a linked document. The system then uses this ACL. However, if a linked document has its own ACL, the system does not ignore the ACL of the superior folder.

The system always uses the most comprehensive authorizations. The authorizations assigned to a superior folder are inherited by all subfolders at all levels.

NoAuth cancels all other authorizations and overrides inherited authorizations.
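
The resolution rules above can be traced with a small model. This is an added example, not SAP code: it walks from an object toward the top node, stops at the first ACL that has an entry for the user, applies the most comprehensive level found there, and lets NoAuth cancel everything else. The level names Read and Write, the treatment of group entries as principals, and the sample hierarchy are assumptions made for illustration; linked documents are not modeled.

```python
# Simplified model of the inheritance rules on this page (illustrative, not SAP code).
# "Read" and "Write" are assumed level names; the page names only NoAuth and administrator.
RANK = {"NoAuth": 0, "Read": 1, "Write": 2, "Admin": 3}


class Node:
    """A folder or document; acl maps a principal (user or group) to levels."""

    def __init__(self, name, parent=None, acl=None):
        self.name, self.parent, self.acl = name, parent, acl or {}


def effective_auth(node, principals):
    """Return (level, name of the node whose ACL decided it).

    Walks from the object toward the top node and stops at the first ACL
    holding an entry for the user. (None, None) means no authorization.
    """
    current = node
    while current is not None:
        granted = [lvl for p in principals for lvl in current.acl.get(p, [])]
        if granted:
            if "NoAuth" in granted:  # NoAuth cancels all other authorizations
                return "NoAuth", current.name
            # otherwise the most comprehensive authorization applies
            return max(granted, key=RANK.__getitem__), current.name
        current = current.parent
    return None, None


# Constructed sample hierarchy: Projects > Design > Confidential > spec.doc
projects = Node("Projects", acl={"grp_eng": ["Read"]})
design = Node("Design", projects, {"alice": ["Admin"], "grp_eng": ["Write"]})
confidential = Node("Confidential", design, {"grp_eng": ["NoAuth"], "bob": ["Write"]})
spec = Node("spec.doc", confidential)  # no ACL of its own, so it inherits

if __name__ == "__main__":
    cases = [
        ("alice", ["alice", "grp_eng"], design),
        ("bob", ["bob", "grp_eng"], spec),
        ("carol", ["carol", "grp_eng"], projects),
        ("dave", ["dave"], spec),
    ]
    for user, principals, obj in cases:
        print(user, obj.name, effective_auth(obj, principals))
```

Returning the deciding node alongside the level makes it easy to audit where an unexpectedly broad or narrow authorization was inherited from.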

Note

You can display or hide the list of inherited authorizations assigned to a folder. Under SAP Properties > Authorizations, select or deselect the Read Inherited Authorizations indicator as appropriate.

End of the note.

Note

To avoid performance problems, only keep a small number of documents and objects in one folder at each hierarchy level. If you have lots of documents in one folder, define direct ACLs for this folder and do not allow them to be inherited. If you have a large document structure with inheritance through the whole structure, performance may be slow when displaying the folders with many documents and objects at lower levels of the structure.

End of the note.