Execute workitem from Lotus Notes (no SAP user)

Dart, Jocelyn jocelyn.dart at sap.com
Thu Apr 19 20:44:52 EDT 2001 

Hi Flavio,
I've been through this discussion with another customer.
I can only support Alan's advice, i.e. PLEASE DO NOT DO THIS!!!
Just because something is technically possible, doesn't mean it's a good
idea.
 
Using a generic user to send back the workitem results is very dangerous
from a
security standpoint.  Even if you are able to record who sent the mail, how
often
will that log be checked?  Given that the executed workitem will continue
the workflow
immediately the results are received, even if you do find an unauthorised
person
has sent the results, how will you catch it in time?  And how are you going
to reverse what's happened?
Especially if there is a monetary or contractual flow on?
 
The classic scenario to explain worst case:
a) Authorised person receives email with executable workitem attachment
b) Authorised person needs more info before making decision, so forwards
copy of workitem
with request for more info back to the initiator
c) Initiator is now able to execute the workitem attachment - i.e. approve
their own stuff!!!
 
If it's the licensing that's the issue, suggest you ring your local SAP
helpdesk
and get someone to discuss the licensing issue with your account manager at
SAP.
If you are on a mySAP licence it may not cost any extra (i.e. it may already
be
included in your current licensing agreement), even if you are on an
old licence these are minimal users and should attract a minimal cost.
But you have to talk to the licensing experts on this.
Regards,
        Jocelyn Dart
Consultant (BBP, Ecommerce, Internet Transaction Server, Workflow)
SAP Australia
Email jocelyn.dart at sap.com <mailto:jocelyn.dart at sap.com>
Tel: +61 412 390 267
Fax: +61 2 9935 4880
 
 
-----Original Message-----
From: Flavio Oliveira [mailto:oliveiraflavio at hotmail.com]
Sent: Friday, 20 April 2001 6:49 AM
To: SAP-WUG at MITVMA.MIT.EDU
Subject: Re: Execute workitem from Lotus Notes (no SAP user)
 
 
Alan:
 
The problem is that I have some users that will use SAP very sporadically
and, some times, they are not locally at our site. Is not interesting for us
to have specific SAP user id's for this kind of sporadicaly users.
 
That is why we are trying to use lotus notes id's.
 
The problems with log information we can try to solve by putting the notes
id as the user who has realy approved the document. I know that this is
possible only by changing standard SAP and we will have to decide what is
better: either create SAP users for all involved people or try to use the
lotus notes solution (with all the inconvenient that we know that exist).
 
I would appreciate any suggestion.
Thank you very much.
Flavio.
 
>From: "Rickayzen, Alan" <alan.rickayzen at sap.com>
>Reply-To: SAP Workflow Users' Group <SAP-WUG at MITVMA.MIT.EDU>
>To: SAP-WUG at MITVMA.MIT.EDU
>Subject: Re: Execute workitem from Lotus Notes (no SAP user)
>Date: Thu, 19 Apr 2001 14:32:13 +0200
>
>Flavio,
>The problem is that e-mails can be forwarded to anyone and by providing a
>generic mechanism you completely lose control over who-does-what in the SAP
>backend system. It would be like creating a user with no password control
>whatsoever.
>
>You also lose all accountability in the different workflow logs.
>
>Why do it via e-mail rather than using the Web Inbox which everyone can
>access (via their user id and access control)?
>
>It would help if you could paint the exact scenario.
>
>Alan Rickayzen
>SAP AG
>
>-----Original Message-----
>From: Flavio Oliveira [mailto:oliveiraflavio at hotmail.com]
>Sent: Donnerstag, 19. April 2001 14:23
>To: SAP-WUG at MITVMA.MIT.EDU
>Subject: Execute workitem from Lotus Notes (no SAP user)
>
>
>I know that is possible to send a notification from workflow to an internet
>email address.
>
>But is it possible to execute a workitem from this internet address and use
>some generic SAP user to actually update the data on SAP?
>
>Thanks.
>Flavio.
>_________________________________________________________________________
>Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
 
_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.

More information about the SAP-WUG mailing list