Workflow log Security

Schumacher, Margaret margaret.schumacher at teleflex.com
Thu Aug 21 08:22:30 EDT 2014


You might look into the BAdI GOS_SRV_SELECT method SELECT_SERVICES or GOS_SRV_REQUEST method START_SERVICE.

We have a requirement to not allow attachments to be deleted after a QN status is completed unless the user has a managerial role. Our first attempt was using the SELECT_SERVICES to check the object type (IF is_lpor-typeid = 'BUS2078'… ) and user auths before restricting (PCATTA_CREA and CREATE_ATTA) options. This worked fine to disable the buttons; however, the table SGOSCUST entry has a field for setting the Commit or not, which affected the saving of attachments on other object types. It was an intermittent problem that we solved by using the 2nd BAdI with START_SERVICE instead. Here you can execute any logic (i.e. messages that an action is not allowed, or call GOS_ATTACHMENT_LIST_POPUP passing the display-only mode), and if you want the normal processing you just RAISE rejected and it continues with the standard processing.

Margaret Schumacher

From: sap-wug-bounces at mit.edu [mailto:sap-wug-bounces at mit.edu] On Behalf Of Sue Doughty
Sent: Wednesday, August 20, 2014 2:19 PM
To: 'SAP Workflow Users' Group'
Subject: RE: Workflow log Security

Hi Loren,

It looks like it does disable all of them. I tried a vendor and it is disabled. I was thinking about giving anyone that had to see workflow logs (with approval from Mgmt) transaction SWI6 to view the logs that way. We have 240 service centers with 15,000 employees throughout the country and the only users that should be able to see them are here in the Corporate Office... at the most maybe 20 - 30 people would have authority to see them.

Our purchasing system has a custom front end on it and does not use workflow... it has a "shopping cart" screen where the users can see the status of POs, etc.


Sue Doughty
SAP Workflow Analyst
Office: (336) 822-5189

From: sap-wug-bounces at mit.edu [mailto:sap-wug-bounces at mit.edu] On Behalf Of Bratzler, Loren
Sent: Wednesday, August 20, 2014 1:55 PM
To: 'SAP Workflow Users' Group'; 'Jeff at Business-Workflow.com'
Subject: RE: Workflow log Security

I am curious about this solution. When you disable the Workflow Overview, does that disable it for all documents in the system? Or can you specify to only disable the function for specific document types? The reason I ask is that I can see where this would be useful to protect sensitive HR information, but I would not want to disable this for other documents such as invoices, POs, etc. Our users rely heavily on the workflow overview to be able to tell where a document is in the approval process.

Loren Bratzler
Norfolk Southern Corporation


From: sap-wug-bounces at mit.edu [mailto:sap-wug-bounces at mit.edu] On Behalf Of Sue Doughty
Sent: Wednesday, August 20, 2014 1:28 PM
To: 'Jeff at Business-Workflow.com'; 'SAP Workflow Users' Group'
Subject: RE: Workflow log Security

Hi Jeff,

Thank you for your response!

This is exactly what I need... it will lock the users out of the workflow logs but as the administrator, I will still be able to see them! Thank you so much for your help!!!

FYI... It is transaction SGOS... I added an entry for WF_OVERVIEW and WF_ARCHIVE (which are the Workflow Overview and Archived Workflows options in the GOS menu) and made them inactive.

Now it does not show in the dropdown.


Sue Doughty
SAP Workflow Analyst
Office: (336) 822-5189

From: Jeff Rappaport [mailto:Jeff at Business-Workflow.com]
Sent: Wednesday, August 20, 2014 12:52 PM
To: SAP Workflow Users' Group; Sue Doughty
Subject: RE: Workflow log Security


Hey Sue,

Not sure if this will help your issue completely, but I've in the past enabled & disabled some of the featured items of the GOS, so you could disable the 'Workflow Overview' menu item, that is if they don't need it. I attached a very old Doc on how to do it, I'm not at my own computer right now so I don't have any of my later documentation on it.
Jeffrey A. Rappaport
www.Business-Workflow.com

--- Original message ---
From: Sue Doughty <Sue.Doughty at odfl.com>
Date: August 19, 2014 7:08:26 AM
Subject: RE: Workflow log Security
To: "'SAP Workflow Users' Group'" <sap-wug at mit.edu>

Hi Rick,

Thank you for your response.

Yes, the step just sends the email. I will try your suggestion... thank you!

From: sap-wug-bounces at mit.edu [mailto:sap-wug-bounces at mit.edu] On Behalf Of Rick Bakker
Sent: Monday, August 18, 2014 6:07 PM
To: SAP Workflow Users' Group
Subject: Re: Workflow log Security

Hi Sue,

What does this step do, just send an email? If so, what I would do is change it to a task that calls a method that calls fm SO_NEW_DOCUMENT_ATT_SEND_API1 and have that send the email.

Then again, savvy users may be able to deduce something from the container element contents so you may want to make that more cryptic.

regards
Rick Bakker

On Mon, Aug 18, 2014 at 11:39 AM, Sue Doughty <Sue.Doughty at odfl.com> wrote:
Hello,

We are on EHP6 (730), pack 12.

We have a workflow that sends drug test results to the employee's manager after the results have been entered into SAP... an event is triggered that starts the workflow. The drug test results are privileged information (medical) and we have to protect them.

In the Workflow log, the task that sends the email has the results in the Task Description... this is what the email says... (BTW, this is a bogus person in DEV). Right now anyone can see a workflow log via GOS.


I went in and changed the Graphical Presentation to "Only in Technical Workflow log" for the task that sends the message... I can see it because I have my settings set to Technical User, but the users (who default to User View) cannot see this task in the log.

The user sees this now... which does not show the task for the email notification... the log stops with the task before that one.

My problem is that if a user figures out how to change their settings to Technical View, then they can see the test results.

Is there any way to make this task not show in the workflow at all... like the box you can click for container operations, "Step not in Workflow log"? If not this... is there a way to lock down viewing of a workflow log with SAP Security or something to keep the user community from switching to the Technical View of the workflow log?

I've looked at the SAP Workflow Book and also googled it and the only thing I could find was the Graphical Presentation setting.

Thanks for your help!!

Sue Doughty
SAP Workflow Analyst


Sue Doughty
SAP Workflow Analyst
Office: (336) 822-5189
_______________________________________________
SAP-WUG mailing list
SAP-WUG at mit.edu
http://mailman.mit.edu/mailman/listinfo/sap-wug
