Authorization Check for the Generic Service
Provider Back End
Activities for elements that are based on the back end of the generic service provider (records, documents, document templates, notes, administration data of paper documents, record models, and file plans) are linked to authorizations.
The following authorization objects exist:
· S_SRMGS_DC: Relates to documents (container for versions and variants)
· S_SRMGS_VV: Relates to versions and variants
· S_SRMGS_PR: Relates to attribute values for documents
· S_SRMGS_CT: Relates to document content
All four authorization objects have the authorization fields described below:
You can use this field to restrict authorization to particular activities. Enter the activity numbers of the activities to be allowed as the parameter values.
The following table shows an overview of the activities for which you can check the authorization in each authorization object. The activity number is in brackets after the name of the activity.
|
Authorization Object è
Activities |
S_SRMGS_DC (relates to documents) |
S_SRMGS_VV (relates to versions and variants) |
S_SRMGS_PR (relates to attribute values for documents) |
S_SRMGSP_CT (relates to document content) |
Add or Create (01) |
X |
X |
X |
X |
Determine (30) |
X |
|
|
|
Display (03) |
|
|
X |
X |
Change (02) |
|
|
X |
|
Delete (06) |
X |
X |
X |
|
Transport (21) |
X |
|
|
|
Open Consolidation Group Processing |
X |
|
|
|
Close Consolidation Unit Processing |
X |
|
|
|
Notes for authorization object
S_SRMGS_DC
Authorization for the activity Add or Create is only effective if you create the same authorization for versions, variants and attribute values.
Authorization for the activity Delete is only effective if you create the same authorization for versions and variants (do not create delete authorization for attribute values).
The authorizations for the activities Determine and Transport relate to the document with all its associated versions and variants.
It only makes sense to assign authorization for the activities Open Processing and Close Processing if you also assign the change authorization in authorization object S_SRMGS_PR.
Notes for authorization object
S_SRMGS_VV
Authorization for the activity Change is not included, since changing document content using the activity Add or Create in authorization object S_SRMGSP_CT, is the same as changing attribute values using the activity Change in authorization object S_SRMGS_PR.
You can use this field to restrict the authorization to a particular element type. Enter an element type ID.
You can use this field to restrict the authorization for records of a particular record model. Enter a unique record model ID.
You can use this field to restrict the authorization for a particular element. Enter a unique document ID.
In addition to the fields listed above, authorization object S_SRMGS_PR also has the following fields:
You can use this field to restrict the authorization to attribute values from a particular attribute group. Enter the name of an attribute group as a value.
Attributes can be classified into groups. You can set the classification for a content model in the Document Modeling Workbench. The attribute is called SRM_PROPGROUP.
You can use this field to restrict authorization to individual activities. Enter the name of an attribute value.
You want to authorize the user to create records, and to select a record model for creating records, but not to change record models. You also want to allow the user to display his or her file plans, but not to change them. There are no authorization restrictions for any other Records Management documents.
You need to set up the following authorization profile for this user:
...
1. Authorize the editing of records, documents, notes, and administration data of paper documents.
Enter the following values in all four authorization objects:
¡ SPS_ID: All element types for records, documents, notes, and administration data for paper documents.
¡ All other fields: *.
2. Prohibit editing of the record model and the file plans.
In the authorization object S_SRMGS_DC, enter the following values:
¡ SPS_ID: All element types for record models and file plans
¡ ACTVT: Search.
¡ All other fields: *.
Do not make any entries in authorization object S_SRMGS_VV.
In authorization object S_SRMGS_PR, make the following entries.
¡ SPS_ID: All element types for record models and file plans
¡ ACTVT: Display.
¡ All other fields: *.
In authorization object S_SRMGS_CT, make the following entries:
¡ SPS_ID: All element types for record models and file plans
¡ ACTVT: Display
¡ All other fields: *.