Workflow attachment bypasses document type security
Sue Doughty
Sue.Doughty at odfl.com
Tue Apr 29 11:37:07 EDT 2014
We are on SAP Basis 731.
A workflow event gets triggered for an Employee when an image is scanned or uploaded to their record in SAP….. (BO PREL). Each document uploaded or scanned is linked to a document type in SAP depending on what kind of document it is. Security is set for each document type as to who can view the image. The workflow instantiates the BO Image and then has a Decision task for the user to display the image.
We have discovered that when a workflow log is displayed via GOS and the line is clicked that displays the image (BO IMAGE, Method Display), the link to the image is under the Objects and attachments.
[cid:image001.png at 01CF639E.79149B90]
When the link there is clicked the image is displayed…..bypassing the document type security.
[cid:image002.png at 01CF639F.59898B90]
If I go into PA20 and display the image via the Extras-->Display all facsimiles, I get an authorization error.
[cid:image003.png at 01CF639F.59898B90]
Is there a way to remove the link from the Objects and Attachments so that the image cannot be viewed from there? Or is there a way for the link to respect the document type security?
Any help would be greatly appreciated!
Sue Doughty
SAP Workflow Analyst [http://www.odfl.com/signature/signature_od_37x37.png] <http://www.odfl.com>
Office: (336) 822-5189
Email: Sue.Doughty at odfl.com<mailto:Sue.Doughty at odfl.com>
Helping the World Keep Promises.®
Old Dominion Freight Line, Inc.
500 Old Dominion Way
Thomasville, NC 27360
www.odfl.com<http://www.odfl.com>
[http://www.odfl.com/signature/signature_facebook_25x25.png]<http://www.facebook.com/OldDominionFreightLine> [http://www.odfl.com/signature/signature_twitter_25x25.png] <http://twitter.com/ODFL_Inc> [http://www.odfl.com/signature/signature_youtube_25x25.png] <http://www.youtube.com/ODFLInc> [http://www.odfl.com/signature/signature_linkedin_25x28.png] <http://www.linkedin.com/company/old-dominion-freight-line>
CONFIDENTIALITY NOTICE: The information contained in this message may be confidential, privileged, proprietary, or otherwise legally exempt from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that you are not authorized to read, print, retain, copy or disseminate this message, any part of it, or any attachments. If you have received this message in error, please delete this message and any attachments from your system without reading the content and notify the sender immediately of the inadvertent transmission. Thank you for your cooperation.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/sap-wug/attachments/20140429/16d87e60/attachment-0001.htm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 79614 bytes
Desc: image001.png
Url : http://mailman.mit.edu/pipermail/sap-wug/attachments/20140429/16d87e60/attachment-0003.png
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 53012 bytes
Desc: image002.png
Url : http://mailman.mit.edu/pipermail/sap-wug/attachments/20140429/16d87e60/attachment-0004.png
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.png
Type: image/png
Size: 11040 bytes
Desc: image003.png
Url : http://mailman.mit.edu/pipermail/sap-wug/attachments/20140429/16d87e60/attachment-0005.png
More information about the SAP-WUG
mailing list