Show TOC

Procedure documentationAssign Authorization for Documents

 

You can control the access rights to documents in the project by assigning authorizations for groups of documents, e.g. you can specify that only the project management can change documentation templates.

Prerequisites

Note Note

The system saves Solution Manager project documents in Knowledge Warehouse folders. Access to Knowledge Warehouse folders is controlled by the authorization object S_IWB, which is in the roles SAP_SOL_KW_ALL and SAP_SOL_KW_DIS, and in the Solution Manager composite roles.

End of the note.

You have role (transaction PFCG) and user maintenance authorization.

Procedure

Activate authorization check

You only need to activate the authorization check if projects were created in your Solution Manager system before Support Package ST 310 SP11. The authorization check is automatically active if your Solution Manager system only contains projects which were created after importing this Support Package, or in higher Solution Manager versions.

To activate the authorization check for documents in your Solution Manager, run the report SOLAR_FOLDER_CHECK_AND_CREATE once.

The Knowledge Warehouse authorization check is based on folder groups. The report creates a folder group with the same name for each project folder. When you activate the authorization check, the system automatically creates a folder group with the same name for each folder in all new projects.

For further information about the folder groups used in the SAP Solution Manger, see Document Repository.

Adjust and assign roles
KW Document Authorization

Processing form

Attributes

Authorization

Read (restricted)

Show section Assign Restricted Read Authorization

Display only documents which have the status values specified in the IMG, e.g. no display in status Review, display in status Released

Role SAP_SOL_RE_COMP, authorization object S_IWB, activity 33

Edit

Full authorization to display, change and delete documents

Role SAP_SOL_KW_ALL, authorization object S_IWB, activity 02

Display

Display all documents, regardless of the document status values specified in the IMG

Role SAP_SOL_RO_COMP authorization object S_IWB, activity 03

  1. Copy the roles SAP_SOL_KW_ALL and SAP_SOL_KW_DIS in the Role Maintenance (transaction PFCG).

  2. Assign the ID of your project in the copied role in the field Folder Group.

  3. Choose the authorization for your project in the field Activity.

    Caution Caution

    Do not change the default values in the field Area.

    End of the caution.

  4. Remove the authorization object S_IWB from the composite roles of the Solution Manager.

  5. Assign the changed individual roles to the project team members.

Assign restricted read authorization

You can assign restricted read authorization, which only displays versions of a document with specified status values, with the role SAP_SOL_RE_COMP. You can specify which status values can be displayed with restricted read authorization, in the IMG.

Example Example

You can specify that a user with the role SAP_SOL_RE_COMP can only display documents with the status Released, but not with status Review.

End of the example.

More Information

For further information about authorizations, see the SAP Solution Manager Security Guide.