Workflow log - restrict access

Neil Thomas dneilthomas at gmail.com
Mon Jun 5 08:34:53 EDT 2006 

Gavin,

Apologies for not responding sooner I have been on holiday.

I have gone back and checked our 4.6C system, we haven't utilised structural
auths as suggested by Jocelyn, as our control over the WI long
description was restricted by normal security restrictions within
user profiles.  These prevent users from seeing the text if they don't have
the access and also prevents them from launching transactions, PA20 in our
case, through the workflow, again if they don't have the access.  This was
sufficient for us.

It doesn't restrict the info within the containers so that still there I'm
afraid.

So it may be worth playing about with the structural auths against the
workflow and task and see what comes out.

Sorry I can't be of more help, if you need anything further please do not
hesitate to contact me.


On 5/26/06, Gavin Mooney <gavinmooney at gmail.com> wrote:
>
> Hi Neil,
>
> Thanks for the suggestion. Our requirement is similar to yours in that
> some workflows will contain client data that other areas of the
> company shouldn't be able to see.
>
> I hadn't thought about structural auths. I see that you can assign
> specific workflows and tasks to the profiles, but if a person doesn't
> have a particular workflow in their profile, what does that mean?
> Would it stop them from displaying the log for that workflow? LIkewise
> if they didn't have a particular task in their profile would it stop
> them from displaying work items based on that task?
>
> While we would like to limit access to the entire log to a certain
> group of users (on a WF by WF basis), what we really need to avoid is
> someone going to the log and looking at the contents of the
> containers.
>
> Thanks and regards,
> Gavin
>
> 2006/5/26, Neil Thomas <dneilthomas at gmail.com>:
> >
> > HI Gavin,
> >
> > Had a similiar issue implementing a HR Sickness Absence workflow and for
> > obvious reasons wanted to restrict the information within the workflow
> log.
> > We were on a 4.6C system and we could not find a way of restricting the
> > entire log to certain groups of users.
> > What we did use, after advice from Jocelyn Dart, was that standard
> security
> > profiles and structural auths limited the information people see within
> work
> > items long description but NOT the short desciption.  So we has pretty
> > generic/high level short text and the more meaningful info was in the
> long
> > description.
> >
> > Hope this helps.
> >
> >
> > On 5/25/06, Gavin Mooney <gavinmooney at gmail.com> wrote:
> > >
> > Hi all,
> >
> > We would like to limit users' access to the workflow log so that only
> > approved users can access it, and even then they can only see it for
> > certain workflow templates. For example the finance team would only
> > have access to display the log for "the finance workflows" (a group we
> > would define).
> >
> > I have seen authorization object S_WF_WI but I don't think it helps us
> > in this case. Has anyone faced this requirement before or have any
> > ideas? We're on 620.
> >
> > Thanks,
> > Gavin
> > _______________________________________________
> > SAP-WUG mailing list
> >  SAP-WUG at mit.edu
> > http://mailman.mit.edu/mailman/listinfo/sap-wug
> >
> >
> >
> > --
> > Best Regards,
> >
> > Neil Thomas
> > _______________________________________________
> > SAP-WUG mailing list
> > SAP-WUG at mit.edu
> > http://mailman.mit.edu/mailman/listinfo/sap-wug
> >
> >
> >
>
> _______________________________________________
> SAP-WUG mailing list
> SAP-WUG at mit.edu
> http://mailman.mit.edu/mailman/listinfo/sap-wug
>



-- 
Best Regards,

Neil Thomas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/sap-wug/attachments/20060605/3e7fd4b6/attachment.htm

More information about the SAP-WUG mailing list