Workflow log Security

Shai Eyal shaieyalis at gmail.com
Tue Aug 19 08:18:19 EDT 2014


Hi Sue,

A user might reach the workitem in several ways, so it might be a bit difficult to
block all options.
I would simply go for encrypting the info in the workitem (either in the description or
a container element). In a custom "SendTaskDescription" I would decrypt it
and send it.
You can use class CL_HTTP_UTILITY to decode and encode.

BTW, in EHP6 there's a built-in "Encrypt" flag; you might check it out. As
far as I know, it applies encryption only after the email is generated and not
in the workitem.

Good luck.


*Regards, Shai Eyal*
*SAP Workflow & BPM specialist*
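
Added example, not part of the original post: the Base64 methods of CL_HTTP_UTILITY (ENCODE_BASE64 / DECODE_BASE64) are a keyless encoding, so a value stored that way in a description or container element is still recoverable by anyone who can open the technical view of the log. The Python check below assumes a hypothetical export of container values (the element names and sample values are constructed) and flags which ones are readable as stored or after a plain Base64 decode.

```python
import base64
import binascii

# Constructed container snapshot (element name -> stored value); not real data.
SAMPLE_CONTAINER = {
    "RESULT_TEXT": "Test result: NEGATIVE",
    "RESULT_B64": base64.b64encode(b"Test result: NEGATIVE").decode("ascii"),
    # Stand-in for real ciphertext: constructed non-text bytes, Base64-wrapped.
    "RESULT_ENC": base64.b64encode(
        bytes.fromhex("9f86d081884c7d659a2feaa0c55ad015")).decode("ascii"),
}


def classify(value):
    """Return (status, recovered_text) for one stored container value.

    plaintext    - readable exactly as stored
    encoded-only - Base64 of readable text; recoverable without any key
    binary       - decodes to non-text bytes (consistent with ciphertext)
    Heuristic only: a short alphanumeric ID can also parse as Base64.
    """
    try:
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return "plaintext", value
    if not raw:
        return "plaintext", value
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        return "binary", None
    if text.isprintable():
        return "encoded-only", text
    return "binary", None


def exposed(container):
    """Names of elements a log viewer could read without a key."""
    return sorted(name for name, value in container.items()
                  if classify(value)[0] != "binary")


if __name__ == "__main__":
    for name, value in SAMPLE_CONTAINER.items():
        print(name, classify(value))
    print("readable without a key:", exposed(SAMPLE_CONTAINER))
```

A "binary" result only means the value is not trivially readable; whether it is actually protected depends on how the key is stored and who can call the decrypting method.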




On Tue, Aug 19, 2014 at 2:06 PM, <sap-wug-request at mit.edu> wrote:

> Message: 1
> Date: Tue, 19 Aug 2014 06:55:39 -0400
> From: Sue Doughty <Sue.Doughty at odfl.com>
> Subject: RE: Workflow log Security (Sue Doughty)
> To: "'David Cooper'" <davidcooper06 at icloud.com>, "'sap-wug at mit.edu'"
>         <sap-wug at mit.edu>
>
> Hi David,
>
> Thank you for your response!
>
> I did a security trace on it yesterday......found security
> objects...removed them in DEV and the log was still visible.
>
> I really hope I don't have to change SAP code...I had to do that to lock
> down users displaying images from the workflow log.
>
>
> Sue Doughty
> SAP Workflow Analyst
> Office: (336) 822-5189
> Fax: (336) 822-5149
> Email: Sue.Doughty at odfl.com
> Helping the World Keep Promises.
> Old Dominion Freight Line, Inc.
> 500 Old Dominion Way
> Thomasville, NC 27360
> www.odfl.com
>
> From: David Cooper [mailto:davidcooper06 at icloud.com]
> Sent: Monday, August 18, 2014 4:33 PM
> To: Sue Doughty; sap-wug at mit.edu
> Subject: RE: Workflow log Security (Sue Doughty)
>
> Hi Sue,
>
> Not sure about the security settings required.  Can I suggest turning on
> the security audit log in dev to capture all security checks, then changing
> the view settings.
>
> Hopefully the required security check will be captured.  If all else fails
> the SAP code can be modified as a last option.
>
> Kind Regards
>
> David Cooper
>
> Linked-In: http://www.linkedin.com/pub/david-cooper/47/616/36a
>
> Australia: +61 499557040
>
> ------------------------------
>
> Message: 2
> Date: Tue, 19 Aug 2014 07:06:07 -0400
> From: Sue Doughty <Sue.Doughty at odfl.com>
> Subject: RE: Workflow log Security
> To: "'SAP Workflow Users' Group'" <sap-wug at mit.edu>
>
> Hi Rick,
>
> Thank you for your response.
>
> Yes, the step just sends the email.  I will try your suggestion...thank you!
>
> From: sap-wug-bounces at mit.edu [mailto:sap-wug-bounces at mit.edu] On Behalf
> Of Rick Bakker
> Sent: Monday, August 18, 2014 6:07 PM
> To: SAP Workflow Users' Group
> Subject: Re: Workflow log Security
>
> Hi Sue,
>
> What does this step do, just send an email? If so, what I would do is
> change it to a task that calls a method that calls
> fm SO_NEW_DOCUMENT_ATT_SEND_API1 and have that send the email.
>
> Then again, savvy users may be able to deduce something from the container
> element contents so you may want to make that more cryptic.
>
> regards
> Rick Bakker
>
> On Mon, Aug 18, 2014 at 11:39 AM, Sue Doughty <Sue.Doughty at odfl.com> wrote:
> Hello,
>
> We are on EHP6 (730), pack 12.
>
> We have a workflow that sends drug test results to the employee's manager
> after the results have been entered into SAP...an event is triggered that
> starts the workflow.  The drug test results is privileged information
> (medical) and we have to protect it.
>
> In the Workflow log, the task that sends the email has the results in the
> Task Description.....this is what the email says... (BTW, this is a bogus
> person in DEV).  Right now anyone can see a workflow log via GOS.
>
> [image: image001.png]
>
>
> I went in and changed the Graphical Presentation to Only in Technical
> Workflow log for the task that sends the message...I can see it because I
> have my settings set to Technical User, but the users (who default to User
> View) cannot see this task in the log.
>
> [image: image004.png]
>
> The user sees this now.....which does not show the task for the email
> notification...the log stops with the task before that one.
> [image: image005.png]
>
> My problem is that if a user figures out how to change their settings to
> Technical View, then they can see the test results.
>
> Is there any way to make this task not show in the workflow at all...like
> the box you can click for container operations..."Step not in Workflow
> log"...  If not this.....is there a way to lock down viewing of a workflow log
> with SAP Security or something to keep the user community from switching to
> the Technical View of the workflow log?
>
> [image: image006.png]
>
> I've looked at the SAP Workflow Book and also googled it and the only
> thing I could find was Graphical Presentation setting.
>
> Thanks for your help!!
>
> Sue Doughty
> SAP Workflow Analyst
> Office: (336) 822-5189
>