<div dir="ltr">Hi Sue,<div><br><div>User might reach workitem in several ways so it might be a bit difficult to block all options.</div><div><div>I would simply go for encrypting info in workitem (either in description or container element). In a custom "SendTaskDescription" I would decrypt it and send it.</div>
<div>You can use class CL_HTTP_UTILITY to decode and encode.</div><div><br></div><div>BTW, In EHP6 there's built in "Encrypt" flag, you might check it out. As far as I know it applies encryption only after email is generated and not in workitem.</div>
<div><br><div class="gmail_extra">Good luck.<br clear="all"><div><div dir="ltr"><div style="text-transform:none;text-indent:0px;font-style:normal;font-variant:normal;font-weight:normal;font-size:16px;line-height:normal;font-family:tahoma,'new york',times,serif;white-space:normal;letter-spacing:normal;color:rgb(0,0,0);word-spacing:0px">
<font style="text-indent:0px!important" color="#00007f" face="verdana, helvetica, sans-serif"><b style="text-indent:0px!important"><br></b></font></div><div style="text-transform:none;text-indent:0px;font-style:normal;font-variant:normal;font-weight:normal;font-size:16px;line-height:normal;font-family:tahoma,'new york',times,serif;white-space:normal;letter-spacing:normal;color:rgb(0,0,0);word-spacing:0px">
<font style="text-indent:0px!important" color="#00007f" face="verdana, helvetica, sans-serif"><b style="text-indent:0px!important">Regards,<br style="text-indent:0px!important">Shai Eyal</b></font></div>
<div style="text-transform:none;text-indent:0px;font-style:normal;font-variant:normal;font-weight:normal;font-size:16px;line-height:normal;font-family:tahoma,'new york',times,serif;white-space:normal;letter-spacing:normal;color:rgb(0,0,0);word-spacing:0px">
<font style="text-indent:0px!important" color="#000080" face="Verdana"><b style="text-indent:0px!important">SAP Workflow & BPM specialist</b></font></div>
<div style="text-transform:none;text-indent:0px;font-style:normal;font-variant:normal;font-weight:normal;font-size:16px;line-height:normal;font-family:tahoma,'new york',times,serif;white-space:normal;letter-spacing:normal;color:rgb(0,0,0);word-spacing:0px">
<br></div><br></div></div>
<br><br><div class="gmail_quote">On Tue, Aug 19, 2014 at 2:06 PM, <span dir="ltr"><<a href="mailto:sap-wug-request@mit.edu" target="_blank">sap-wug-request@mit.edu</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
Send SAP-WUG mailing list submissions to<br>
<a href="mailto:sap-wug@mit.edu">sap-wug@mit.edu</a><br>
<br>
To subscribe or unsubscribe via the World Wide Web, visit<br>
<a href="http://mailman.mit.edu/mailman/listinfo/sap-wug" target="_blank">http://mailman.mit.edu/mailman/listinfo/sap-wug</a><br>
or, via email, send a message with subject or body 'help' to<br>
<a href="mailto:sap-wug-request@mit.edu">sap-wug-request@mit.edu</a><br>
<br>
You can reach the person managing the list at<br>
<a href="mailto:sap-wug-owner@mit.edu">sap-wug-owner@mit.edu</a><br>
<br>
When replying, please edit your Subject line so it is more specific<br>
than "Re: Contents of SAP-WUG digest..."<br>
<br>
<br>
Today's Topics:<br>
<br>
1. RE: Workflow log Security (Sue Doughty) (Sue Doughty)<br>
2. RE: Workflow log Security (Sue Doughty)<br>
<br>
<br>
----------------------------------------------------------------------<br>
<br>
Message: 1<br>
Date: Tue, 19 Aug 2014 06:55:39 -0400<br>
From: Sue Doughty <<a href="mailto:Sue.Doughty@odfl.com">Sue.Doughty@odfl.com</a>><br>
Subject: RE: Workflow log Security (Sue Doughty)<br>
To: "'David Cooper'" <<a href="mailto:davidcooper06@icloud.com">davidcooper06@icloud.com</a>>, "'<a href="mailto:sap-wug@mit.edu">sap-wug@mit.edu</a>'"<br>
<<a href="mailto:sap-wug@mit.edu">sap-wug@mit.edu</a>><br>
Message-ID:<br>
<<a href="mailto:F5C165E2173DE547A64CDB01BAA1204F2BEE0ED94A@CORP-M-MB2.corp.odfl.com">F5C165E2173DE547A64CDB01BAA1204F2BEE0ED94A@CORP-M-MB2.corp.odfl.com</a>><br>
Content-Type: text/plain; charset="utf-8"<br>
<br>
Hi David,<br>
<br>
Thank you for your response!<br>
<br>
I did a security trace on it yesterday......found security objects?..removed them in DEV and the log was still visible.<br>
<br>
I really hope I don?t have to change SAP code?..I had to do that to lock down users displaying images from the workflow log.<br>
<br>
<br>
Sue Doughty<br>
SAP Workflow Analyst [<a href="http://www.odfl.com/signature/signature_od_37x37.png" target="_blank">http://www.odfl.com/signature/signature_od_37x37.png</a>] <<a href="http://www.odfl.com" target="_blank">http://www.odfl.com</a>><br>
Office: (336) 822-5189<br>
Fax: (336) 822-5149<br>
Email: <a href="mailto:Sue.Doughty@odfl.com">Sue.Doughty@odfl.com</a><mailto:<a href="mailto:Sue.Doughty@odfl.com">Sue.Doughty@odfl.com</a>><br>
Helping the World Keep Promises.?<br>
Old Dominion Freight Line, Inc.<br>
500 Old Dominion Way<br>
Thomasville, NC 27360<br>
<a href="http://www.odfl.com" target="_blank">www.odfl.com</a><<a href="http://www.odfl.com" target="_blank">http://www.odfl.com</a>><br>
[<a href="http://www.odfl.com/signature/signature_facebook_25x25.png" target="_blank">http://www.odfl.com/signature/signature_facebook_25x25.png</a>]<<a href="http://www.facebook.com/OldDominionFreightLine" target="_blank">http://www.facebook.com/OldDominionFreightLine</a>> [<a href="http://www.odfl.com/signature/signature_twitter_25x25.png" target="_blank">http://www.odfl.com/signature/signature_twitter_25x25.png</a>] <<a href="http://twitter.com/ODFL_Inc" target="_blank">http://twitter.com/ODFL_Inc</a>> [<a href="http://www.odfl.com/signature/signature_youtube_25x25.png" target="_blank">http://www.odfl.com/signature/signature_youtube_25x25.png</a>] <<a href="http://www.youtube.com/ODFLInc" target="_blank">http://www.youtube.com/ODFLInc</a>> [<a href="http://www.odfl.com/signature/signature_linkedin_25x28.png" target="_blank">http://www.odfl.com/signature/signature_linkedin_25x28.png</a>] <<a href="http://www.linkedin.com/company/old-dominion-freight-line" target="_blank">http://www.linkedin.com/company/old-dominion-freight-line</a>><br>
CONFIDENTIALITY NOTICE: The information contained in this message may be confidential, privileged, proprietary, or otherwise legally exempt from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that you are not authorized to read, print, retain, copy or disseminate this message, any part of it, or any attachments. If you have received this message in error, please delete this message and any attachments from your system without reading the content and notify the sender immediately of the inadvertent transmission. Thank you for your cooperation.<br>
<br>
From: David Cooper [mailto:<a href="mailto:davidcooper06@icloud.com">davidcooper06@icloud.com</a>]<br>
Sent: Monday, August 18, 2014 4:33 PM<br>
To: Sue Doughty; <a href="mailto:sap-wug@mit.edu">sap-wug@mit.edu</a><br>
Subject: RE: Workflow log Security (Sue Doughty)<br>
<br>
HI Sue,<br>
<br>
Not sure about the security settings required. Can I suggest turning on the security audit log in dev to capture all security checks, then changing the view settings.<br>
<br>
Hopefully the required security check will be captured. If all else fails the SAP code can be modified as a last option.<br>
<br>
Kind Regards<br>
<br>
David Cooper<br>
<br>
Linked-In: <a href="http://www.linkedin.com/pub/david-cooper/47/616/36a" target="_blank">http://www.linkedin.com/pub/david-cooper/47/616/36a</a><br>
<br>
Australia: <a href="tel:%2B61%20499557040" value="+61499557040">+61 499557040</a><br>
<br>
-------------- next part --------------<br>
An HTML attachment was scrubbed...<br>
URL: <a href="http://mailman.mit.edu/pipermail/sap-wug/attachments/20140819/fcdcaa4d/attachment-0001.htm" target="_blank">http://mailman.mit.edu/pipermail/sap-wug/attachments/20140819/fcdcaa4d/attachment-0001.htm</a><br>
<br>
------------------------------<br>
<br>
Message: 2<br>
Date: Tue, 19 Aug 2014 07:06:07 -0400<br>
From: Sue Doughty <<a href="mailto:Sue.Doughty@odfl.com">Sue.Doughty@odfl.com</a>><br>
Subject: RE: Workflow log Security<br>
To: "'SAP Workflow Users' Group'" <<a href="mailto:sap-wug@mit.edu">sap-wug@mit.edu</a>><br>
Message-ID:<br>
<<a href="mailto:F5C165E2173DE547A64CDB01BAA1204F2BEE0ED94C@CORP-M-MB2.corp.odfl.com">F5C165E2173DE547A64CDB01BAA1204F2BEE0ED94C@CORP-M-MB2.corp.odfl.com</a>><br>
Content-Type: text/plain; charset="utf-8"<br>
<br>
Hi Rick,<br>
<br>
Thank you for your response.<br>
<br>
Yes, the step just sends the email. I will try your suggestion?.thank you!<br>
<br>
From: <a href="mailto:sap-wug-bounces@mit.edu">sap-wug-bounces@mit.edu</a> [mailto:<a href="mailto:sap-wug-bounces@mit.edu">sap-wug-bounces@mit.edu</a>] On Behalf Of Rick Bakker<br>
Sent: Monday, August 18, 2014 6:07 PM<br>
To: SAP Workflow Users' Group<br>
Subject: Re: Workflow log Security<br>
<br>
Hi Sue,<br>
<br>
What does this step do, just send an email? If so, what I would do is change it to a task that calls a method that calls<br>
fm SO_NEW_DOCUMENT_ATT_SEND_API1 and have that send the email.<br>
<br>
Then again, savvy users may be able to deduce something from the container element contents so you may want to make that more cryptic.<br>
<br>
regards<br>
Rick Bakker<br>
<br>
On Mon, Aug 18, 2014 at 11:39 AM, Sue Doughty <<a href="mailto:Sue.Doughty@odfl.com">Sue.Doughty@odfl.com</a><mailto:<a href="mailto:Sue.Doughty@odfl.com">Sue.Doughty@odfl.com</a>>> wrote:<br>
Hello,<br>
<br>
We are on EHP6 (730), pack 12.<br>
<br>
We have a workflow that sends drug test results to the employee?s manager after the results have been entered into SAP?an event is triggered that starts the workflow. The drug test results is privileged information (medical) and we have to protect it.<br>
<br>
In the Workflow log, the task that sends the email has the results in the Task Description?..this is what the email says? (BTW, this is a bogus person in DEV). Right now anyone can see a workflow log via GOS.<br>
<br>
[cid:image001.png@01CFBB7C.0C6FDC30]<br>
<br>
<br>
I went in and changed the Graphical Presentation to Only in Technical Workflow log for the task that sends the message?.I can see it because I have my settings set to Technical User, but the users (who default to User View) cannot see this task in the log.<br>
<br>
[cid:image004.png@01CFBB7C.0C6FDC30]<br>
<br>
The user sees this now?..which does not show the task for the email notification?the log stops with the task before that one.<br>
[cid:image005.png@01CFBB7C.0C6FDC30]<br>
<br>
My problem is that if a user figures out how to change their settings to Technical View, then they can see the test results.<br>
<br>
Is there any way to make this task not show in the workflow at all??like the box you can click for container operations?.?Step not in Workflow log??. If not this?..is there a way to lock down viewing of a workflow log with SAP Security or something to keep the user community from switching to the Technical View of the workflow log?<br>
<br>
[cid:image006.png@01CFBB7C.0C6FDC30]<br>
<br>
I?ve looked at the SAP Workflow Book and also googled it and the only thing I could find was Graphical Presentation setting.<br>
<br>
Thanks for your help!!<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
Sue Doughty<br>
SAP Workflow Analyst<br>
<br>
[<a href="http://www.odfl.com/signature/signature_od_37x37.png" target="_blank">http://www.odfl.com/signature/signature_od_37x37.png</a>]<<a href="http://www.odfl.com" target="_blank">http://www.odfl.com</a>><br>
<br>
Office: (336) 822-5189<tel:%28336%29%20822-5189><br>
Fax: (336) 822-5149<tel:%28336%29%20822-5149><br>
Email: <a href="mailto:Sue.Doughty@odfl.com">Sue.Doughty@odfl.com</a><mailto:<a href="mailto:Sue.Doughty@odfl.com">Sue.Doughty@odfl.com</a>><br>
Helping the World Keep Promises.?<br>
<br>
Old Dominion Freight Line, Inc.<br>
500 Old Dominion Way<br>
Thomasville, NC 27360<br>
<a href="http://www.odfl.com" target="_blank">www.odfl.com</a><<a href="http://www.odfl.com" target="_blank">http://www.odfl.com</a>><br>
[<a href="http://www.odfl.com/signature/signature_facebook_25x25.png" target="_blank">http://www.odfl.com/signature/signature_facebook_25x25.png</a>]<<a href="http://www.facebook.com/OldDominionFreightLine" target="_blank">http://www.facebook.com/OldDominionFreightLine</a>><br>
<br>
[<a href="http://www.odfl.com/signature/signature_twitter_25x25.png" target="_blank">http://www.odfl.com/signature/signature_twitter_25x25.png</a>]<<a href="http://twitter.com/ODFL_Inc" target="_blank">http://twitter.com/ODFL_Inc</a>><br>
<br>
[<a href="http://www.odfl.com/signature/signature_youtube_25x25.png" target="_blank">http://www.odfl.com/signature/signature_youtube_25x25.png</a>]<<a href="http://www.youtube.com/ODFLInc" target="_blank">http://www.youtube.com/ODFLInc</a>><br>
<br>
[<a href="http://www.odfl.com/signature/signature_linkedin_25x28.png" target="_blank">http://www.odfl.com/signature/signature_linkedin_25x28.png</a>]<<a href="http://www.linkedin.com/company/old-dominion-freight-line" target="_blank">http://www.linkedin.com/company/old-dominion-freight-line</a>><br>
<br>
CONFIDENTIALITY NOTICE: The information contained in this message may be confidential, privileged, proprietary, or otherwise legally exempt from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that you are not authorized to read, print, retain, copy or disseminate this message, any part of it, or any attachments. If you have received this message in error, please delete this message and any attachments from your system without reading the content and notify the sender immediately of the inadvertent transmission. Thank you for your cooperation.<br>
<br>
<br>
<br>
Sue Doughty<br>
SAP Workflow Analyst<br>
Office: (336) 822-5189<br>
<br>
_______________________________________________<br>
SAP-WUG mailing list<br>
<a href="mailto:SAP-WUG@mit.edu">SAP-WUG@mit.edu</a><mailto:<a href="mailto:SAP-WUG@mit.edu">SAP-WUG@mit.edu</a>><br>
<a href="http://mailman.mit.edu/mailman/listinfo/sap-wug" target="_blank">http://mailman.mit.edu/mailman/listinfo/sap-wug</a><br>
<br>
-------------- next part --------------<br>
An HTML attachment was scrubbed...<br>
URL: <a href="http://mailman.mit.edu/pipermail/sap-wug/attachments/20140819/f0568d26/attachment.htm" target="_blank">http://mailman.mit.edu/pipermail/sap-wug/attachments/20140819/f0568d26/attachment.htm</a><br>
-------------- next part --------------<br>
A non-text attachment was scrubbed...<br>
Name: image001.png<br>
Type: image/png<br>
Size: 57697 bytes<br>
Desc: image001.png<br>
Url : <a href="http://mailman.mit.edu/pipermail/sap-wug/attachments/20140819/f0568d26/attachment.png" target="_blank">http://mailman.mit.edu/pipermail/sap-wug/attachments/20140819/f0568d26/attachment.png</a><br>
-------------- next part --------------<br>
A non-text attachment was scrubbed...<br>
Name: image004.png<br>
Type: image/png<br>
Size: 34393 bytes<br>
Desc: image004.png<br>
Url : <a href="http://mailman.mit.edu/pipermail/sap-wug/attachments/20140819/f0568d26/attachment-0001.png" target="_blank">http://mailman.mit.edu/pipermail/sap-wug/attachments/20140819/f0568d26/attachment-0001.png</a><br>
-------------- next part --------------<br>
A non-text attachment was scrubbed...<br>
Name: image005.png<br>
Type: image/png<br>
Size: 28858 bytes<br>
Desc: image005.png<br>
Url : <a href="http://mailman.mit.edu/pipermail/sap-wug/attachments/20140819/f0568d26/attachment-0002.png" target="_blank">http://mailman.mit.edu/pipermail/sap-wug/attachments/20140819/f0568d26/attachment-0002.png</a><br>
-------------- next part --------------<br>
A non-text attachment was scrubbed...<br>
Name: image006.png<br>
Type: image/png<br>
Size: 22254 bytes<br>
Desc: image006.png<br>
Url : <a href="http://mailman.mit.edu/pipermail/sap-wug/attachments/20140819/f0568d26/attachment-0003.png" target="_blank">http://mailman.mit.edu/pipermail/sap-wug/attachments/20140819/f0568d26/attachment-0003.png</a><br>
<br>
------------------------------<br>
<br>
_______________________________________________<br>
SAP-WUG mailing list<br>
<a href="mailto:SAP-WUG@mit.edu">SAP-WUG@mit.edu</a><br>
<a href="http://mailman.mit.edu/mailman/listinfo/sap-wug" target="_blank">http://mailman.mit.edu/mailman/listinfo/sap-wug</a><br>
<br>
<br>
End of SAP-WUG Digest, Vol 117, Issue 16<br>
****************************************<br>
</blockquote></div><br></div></div></div></div></div>