Workflow log Security

Darlington Chiyamha chiyamhad at gmail.com
Thu Aug 21 03:50:14 EDT 2014 

Hi Sue,

I have implemented a BADI GOS_SRV_SELECT to restrict the option 'Create
Attachment' on the GOS using the below code in method SELECT_SERVICES of
IF_EX_GOS_SRV_SELECT. All you need to do is specify the business object you
want to restrict it for (e.g. BUS1022 or BUS2105, as below) in the
condition for is_lpor-typeid and insert the service you want to restrict
into table ET_OPTIONS using the sign and option as below. Check out table
SGOSATTR for the services available. I think you need to restrict for
service WF_OVERVIEW.

  DATA: ls_option TYPE sgos_sels.
  data: services type table of sgosattr.
  FIELD-SYMBOLS <service> TYPE sgosattr.

  SELECT * INTO TABLE services FROM sgosattr.

  if is_lpor-typeid eq 'BUS1022' or is_lpor-typeid eq 'BUS2105'.
    LOOP AT services ASSIGNING <service>.

      if <service>-name = 'PCATTA_CREA'.
        ls_option-sign   = 'E'.
        ls_option-option = 'EQ'.
        ls_option-low    = <service>-name.
        APPEND ls_option TO et_options.
      endif.

    ENDLOOP.
  endif.




On Wed, Aug 20, 2014 at 8:19 PM, Sue Doughty <Sue.Doughty at odfl.com> wrote:

> Hi Loren,
>
>
>
> It looks like it does disable all of them.   I tried a vendor and it is
> disabled.  I was thinking about giving anyone that had to see workflow logs
> (with approval from Mgmt) transaction SWI6 to view the logs that way.  We
> have 240 service centers with 15,000 employees throughout the country and
> the only users that should be able to see them are here in the Corporate
> Office.....at the most maybe 20 - 30 people would have authority to see them.
>
>
>
> Our purchasing system has a custom front end on it and does not use
> workflow.....it has a "shopping cart" screen where the users can see the
> status of POs, etc.
>
>
>
>
>
> Sue Doughty
> SAP Workflow Analyst
> Office: (336) 822-5189
>
> *From:* sap-wug-bounces at mit.edu [mailto:sap-wug-bounces at mit.edu] *On
> Behalf Of *Bratzler, Loren
> *Sent:* Wednesday, August 20, 2014 1:55 PM
> *To:* 'SAP Workflow Users' Group'; 'Jeff at Business-Workflow.com'
>
> *Subject:* RE: Workflow log Security
>
>
>
> I am curious about this solution.  When you disable the Workflow Overview,
> does that disable it for all documents in the system?  Or can you specify
> to only disable the function for specific document types?  The reason I ask
> is that I can see where this would be useful to protect sensitive HR
> information, but I would not want to disable this for other documents such
> as invoices, POs, etc.  Our users rely heavily on the workflow overview to
> be able to tell where a document is in the approval process.
>
>
>
> Loren Bratzler
>
> Norfolk Southern Corporation
>
>
>
>
>
> *From:* sap-wug-bounces at mit.edu [mailto:sap-wug-bounces at mit.edu
> <sap-wug-bounces at mit.edu>] *On Behalf Of *Sue Doughty
> *Sent:* Wednesday, August 20, 2014 1:28 PM
> *To:* 'Jeff at Business-Workflow.com'; 'SAP Workflow Users' Group'
> *Subject:* RE: Workflow log Security
>
>
>
> Hi Jeff,
>
>
>
> Thank you for your response!
>
>
>
> This is exactly what I need.....it will lock the users out of the workflow
> logs but as the administrator, I will still be able to see them!  Thank you
> so much for your help!!!
>
>
>
> FYI.....It is transaction SGOS.....I added an entry for WF_OVERVIEW and
> WF_ARCHIVE (which are the Workflow Overview and Archived Workflows options
> in the GOS menu) and made them inactive.
>
>
>
> [image: Description: cid:image001.png at 01CFBC7A.671ADF00]
>
>
>
> Now it does not show in the dropdown.
>
> [image: Description: cid:image006.png at 01CFBC7A.9E483CC0]
>
>
>
>
> *Sue Doughty*
> SAP Workflow Analyst
> Office: (336) 822-5189
>
> *From:* Jeff Rappaport [mailto:Jeff at Business-Workflow.com
> <Jeff at Business-Workflow.com>]
> *Sent:* Wednesday, August 20, 2014 12:52 PM
> *To:* SAP Workflow Users' Group; Sue Doughty
> *Subject:* RE: Workflow log Security
>
>
>
> Hey Sue,
>
>    Not sure if this will help your issue completely, but I've in the past
> enabled & disabled some of the featured items of the GOS, so you could
> disable the 'Workflow Overview' menu item, that is if they don't need it. I
> attached a very old Doc on how to do it, I'm not at my own computer right
> now so I don't have any of my later documentation on it.
> .
> .
> *Jeffrey A. Rappaport*
> *www.Business-Workflow.com <http://www.Business-Workflow.com>*
>
> --- Original message ---
>
> *From: *
>
> Sue Doughty <Sue.Doughty at odfl.com>
>
> *Date: *
>
> August 19, 2014 7:08:26 AM
>
> *Subject: *
>
> RE: Workflow log Security
>
> *To: *
>
> "'SAP Workflow Users' Group'" <sap-wug at mit.edu>
>
>
>
> Hi Rick,
>
>
>
> Thank you for your response.
>
>
>
> Yes, the step just sends the email.  I will try your suggestion....thank you!
>
>
>
> *From:* sap-wug-bounces at mit.edu [mailto:sap-wug-bounces at mit.edu
> <sap-wug-bounces at mit.edu>] *On Behalf Of *Rick Bakker
> *Sent:* Monday, August 18, 2014 6:07 PM
> *To:* SAP Workflow Users' Group
> *Subject:* Re: Workflow log Security
>
>
>
> Hi Sue,
>
>
>
> What does this step do, just send an email? If so, what I would do is
> change it to a task that calls a method that calls
>
> fm SO_NEW_DOCUMENT_ATT_SEND_API1 and have that send the email.
>
>
>
> Then again, savvy users may be able to deduce something from the container
> element contents so you may want to make that more cryptic.
>
>
>
> regards
>
> Rick Bakker
>
>
>
> On Mon, Aug 18, 2014 at 11:39 AM, Sue Doughty <Sue.Doughty at odfl.com>
> wrote:
>
> Hello,
>
>
>
> We are on EHP6 (730), pack 12.
>
>
>
> We have a workflow that sends drug test results to the employee's manager
> after the results have been entered into SAP...an event is triggered that
> starts the workflow.  The drug test results is privileged information
> (medical) and we have to protect it.
>
>
>
> In the Workflow log, the task that sends the email has the results in the
> Task Description.....this is what the email says... (BTW, this is a bogus
> person in DEV).  Right now anyone can see a workflow log via GOS.
>
>
>
> [image: Description: cid:image002.png at 01CFBC7A.671ADF00]
>
>
>
>
>
> I went in and changed the Graphical Presentation to Only in Technical
> Workflow log for the task that sends the message....I can see it because I
> have my settings set to Technical User, but the users (who default to User
> View) cannot see this task in the log.
>
>
>
> [image: Description: cid:image003.png at 01CFBC7A.671ADF00]
>
>
>
> The user sees this now.....which does not show the task for the email
> notification...the log stops with the task before that one.
>
> [image: Description: cid:image004.png at 01CFBC7A.671ADF00]
>
>
>
> My problem is that if a user figures out how to change their settings to
> Technical View, then they can see the test results.
>
>
>
> Is there any way to make this task not show in the workflow at all......like
> the box you can click for container operations...."Step not in Workflow
> log"?.  If not this.....is there a way to lock down viewing of a workflow log
> with SAP Security or something to keep the user community from switching to
> the Technical View of the workflow log?
>
>
>
> [image: Description: cid:image005.png at 01CFBC7A.671ADF00]
>
>
>
> I've looked at the SAP Workflow Book and also googled it and the only
> thing I could find was Graphical Presentation setting.
>
>
>
> Thanks for your help!!
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> *Sue Doughty*
> SAP Workflow Analyst
>
> [image: Description: Image removed by sender.] <http://www.odfl.com/>
>
> Office: (336) 822-5189
> Fax: (336) 822-5149
> Email: Sue.Doughty at odfl.com
>
> Helping the World Keep Promises.(R)
>
> Old Dominion Freight Line, Inc.
> 500 Old Dominion Way
> Thomasville, NC 27360
> www.odfl.com
>
> [image: Description: Image removed by sender.]
> <http://www.facebook.com/OldDominionFreightLine>
>
> [image: Description: Image removed by sender.]
> <http://twitter.com/ODFL_Inc>
>
> [image: Description: Image removed by sender.]
> <http://www.youtube.com/ODFLInc>
>
> [image: Description: Image removed by sender.]
> <http://www.linkedin.com/company/old-dominion-freight-line>
>
> CONFIDENTIALITY NOTICE: The information contained in this message may be
> confidential, privileged, proprietary, or otherwise legally exempt from
> disclosure. If the reader of this message is not the intended recipient, or
> an employee or agent responsible for delivering this message to the
> intended recipient, you are hereby notified that you are not authorized to
> read, print, retain, copy or disseminate this message, any part of it, or
> any attachments. If you have received this message in error, please delete
> this message and any attachments from your system without reading the
> content and notify the sender immediately of the inadvertent transmission.
> Thank you for your cooperation.
>
>
>
>
> *Sue Doughty*
> SAP Workflow Analyst
> Office: (336) 822-5189
>
> _______________________________________________
> SAP-WUG mailing list
> SAP-WUG at mit.edu
> http://mailman.mit.edu/mailman/listinfo/sap-wug
>
>
>
> _______________________________________________
> SAP-WUG mailing list
> SAP-WUG at mit.edu
> http://mailman.mit.edu/mailman/listinfo/sap-wug
>
>
> _______________________________________________
> SAP-WUG mailing list
> SAP-WUG at mit.edu
> http://mailman.mit.edu/mailman/listinfo/sap-wug
>
>


-- 
Regards/Groete

Darlington Chiyamha
SAP ABAP/Workflow Consultant
Cell: +27 71 869 3176
Alt Cell: +27 82 061 6309
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/sap-wug/attachments/20140821/93d55ea6/attachment-0001.htm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image014.png
Type: image/png
Size: 57697 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/sap-wug/attachments/20140821/93d55ea6/attachment-0007.png
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image017.png
Type: image/png
Size: 22254 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/sap-wug/attachments/20140821/93d55ea6/attachment-0008.png
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image012.png
Type: image/png
Size: 16528 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/sap-wug/attachments/20140821/93d55ea6/attachment-0009.png
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image011.png
Type: image/png
Size: 16015 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/sap-wug/attachments/20140821/93d55ea6/attachment-0010.png
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image013.png
Type: image/png
Size: 23388 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/sap-wug/attachments/20140821/93d55ea6/attachment-0011.png
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image016.png
Type: image/png
Size: 28858 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/sap-wug/attachments/20140821/93d55ea6/attachment-0012.png
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image019.jpg
Type: image/jpeg
Size: 344 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/sap-wug/attachments/20140821/93d55ea6/attachment-0004.jpg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image018.jpg
Type: image/jpeg
Size: 350 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/sap-wug/attachments/20140821/93d55ea6/attachment-0005.jpg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image020.jpg
Type: image/jpeg
Size: 344 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/sap-wug/attachments/20140821/93d55ea6/attachment-0006.jpg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image021.jpg
Type: image/jpeg
Size: 344 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/sap-wug/attachments/20140821/93d55ea6/attachment-0007.jpg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image015.png
Type: image/png
Size: 34393 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/sap-wug/attachments/20140821/93d55ea6/attachment-0013.png

More information about the SAP-WUG mailing list