During the authorization check for an object, the system determines whether a user has specific authorizations for the object.
If no authorization is defined for the user for an object, the system follows the authorization path along the object hierarchy up to the top node. If no authorizations are found there either, the user has no authorization of any kind for the selected object (see also Checking for ACLs).
Note
New objects for which no authorization has been created can still be displayed if you activate parameter AUTH_VISIBLE under Define User Group in Customizing for SAP Easy Document Management. This setting applies system wide.
When you define authorizations for an object, the system gives the relevant folder an access control list (ACL). This ACL applies to all subfolders. If a new ACL is created for one of these subfolders, it applies to all subfolders from this node onwards.
The implementation of local administrator authorizations for the owner of a folder or document means that when you create a new folder or document, a new ACL is created for the object. This ACL contains at least administrator authorizations for the owner.
Note
Changes to the authorizations can only be made to objects for which the user has administrator authorization.
Authorizations from superior objects are inherited by subordinate objects up to the point at which they are overridden by a new, local authorization for the user. Authorizations for the user are inherited in the same way.
Authorizations are inherited top-down and can be overridden at lower levels. For linked documents, the ACLs of the original documents or their superior folder apply. You can assign a separate ACL to a linked document. The system then uses this ACL. However, if a linked document has its own ACL, the system does not ignore the ACL of the superior folder.
The system always uses the most comprehensive authorizations. The authorizations assigned to a superior folder are inherited by all subfolders at all levels.
NoAuth cancels all other authorizations and overrides inherited authorizations.
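The lookup rules above, sketched as a small Python model for reviewing effective authorizations (an added example, not SAP code). It assumes that the nearest ACL containing an entry for the user decides, that a user can match several entries through user groups, and that READ and WRITE are placeholder level names; linked documents and AUTH_VISIBLE are not modelled.

```python
# Added illustration: a simplified model of the lookup rules described on this page.
# Level names other than NoAuth and administrator are assumed for the example.
from enum import IntEnum

class Level(IntEnum):
    NOAUTH = 0
    READ = 1    # assumed level name
    WRITE = 2   # assumed level name
    ADMIN = 3

class Node:
    def __init__(self, name, parent=None, owner=None):
        self.name, self.parent = name, parent
        # Creating an object gives it its own ACL holding at least
        # administrator authorization for the owner.
        self.acl = {owner: Level.ADMIN} if owner else {}

def effective(node, principals):
    """Return (level, deciding node name) for a user's principals
    (user ID plus any user groups; group membership is an assumption)."""
    while node is not None:
        hits = [lvl for who, lvl in node.acl.items() if who in principals]
        if hits:
            # NoAuth cancels every other entry; otherwise the most
            # comprehensive matching authorization is used.
            level = Level.NOAUTH if Level.NOAUTH in hits else max(hits)
            return level, node.name
        node = node.parent          # nothing local: follow the path upward
    return Level.NOAUTH, None       # top node reached without any entry

def can_change_acl(node, principals):
    # Authorizations can only be changed with administrator authorization.
    return effective(node, principals)[0] == Level.ADMIN

# Constructed sample hierarchy (names are made up for the example)
root = Node("root")
root.acl["GRP_ENG"] = Level.READ
specs = Node("specs", root)                      # no ACL: inherits from root
drafts = Node("drafts", specs, owner="ALICE")    # local ACL created for owner
drafts.acl["GRP_ENG"] = Level.WRITE
drafts.acl["BOB"] = Level.NOAUTH
final = Node("final", drafts)                    # inherits the drafts ACL

if __name__ == "__main__":
    for user in ({"ALICE", "GRP_ENG"}, {"BOB", "GRP_ENG"}, {"CAROL"}):
        for n in (specs, drafts, final):
            lvl, src = effective(n, user)
            print(sorted(user), n.name, lvl.name, "from", src)
```

Printing the deciding node next to each level shows where a local ACL widens or cuts off what a folder would otherwise inherit, which is the first thing to check when a user can see more than expected.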
Note
You can display or hide the list of inherited authorizations assigned to a folder. Under Read Inherited Authorizations indicator as appropriate.
Note
To avoid performance problems, only keep a small number of documents and objects in one folder at each hierarchy level. If you have lots of documents in one folder, define direct ACLs for this folder and do not allow them to be inherited. If you have a large document structure with inheritance through the whole structure, performance may be slow when displaying the folders with many documents and objects at lower levels of the structure.