Workflow attachment bypasses document type security

Tue May 6 08:49:48 EDT 2014

Hello Kjetil,

Thank you so much for your response.

I have incorporated the change into the workflow to check for authority and it is working.

But, there is still the issue of going to the workflows through GOS and then clicking the link.  It does not respect SAP Authority.  Can the link be deleted from the list?

Click on the Display link in the workflow

[cid:image001.png at 01CF6908.1FDF0C80]

Then click on the link under Objects and attachments

[cid:image002.png at 01CF6908.1FDF0C80]

The image displays even though the user does not have authority (See workflow log above under Display link).

[cid:image003.png at 01CF6908.1FDF0C80]

Sue Doughty
SAP Workflow Analyst    [http://www.odfl.com/signature/signature_od_37x37.png] <http://www.odfl.com>
Office: (336) 822-5189
Email: Sue.Doughty at odfl.com<mailto:Sue.Doughty at odfl.com>
Helping the World Keep Promises.®
Old Dominion Freight Line, Inc.
500 Old Dominion Way
Thomasville, NC 27360
www.odfl.com<http://www.odfl.com>
[http://www.odfl.com/signature/signature_facebook_25x25.png]<http://www.facebook.com/OldDominionFreightLine>    [http://www.odfl.com/signature/signature_twitter_25x25.png] <http://twitter.com/ODFL_Inc>       [http://www.odfl.com/signature/signature_youtube_25x25.png] <http://www.youtube.com/ODFLInc>    [http://www.odfl.com/signature/signature_linkedin_25x28.png] <http://www.linkedin.com/company/old-dominion-freight-line>
CONFIDENTIALITY NOTICE: The information contained in this message may be confidential, privileged, proprietary, or otherwise legally exempt from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that you are not authorized to read, print, retain, copy or disseminate this message, any part of it, or any attachments. If you have received this message in error, please delete this message and any attachments from your system without reading the content and notify the sender immediately of the inadvertent transmission. Thank you for your cooperation.

-----Original Message-----
From: sap-wug-bounces at mit.edu [mailto:sap-wug-bounces at mit.edu] On Behalf Of Kjetil Kilhavn
Sent: Wednesday, April 30, 2014 8:49 AM
To: SAP Workflow Users' Group
Subject: Re: Workflow attachment bypasses document type security

Tirsdag 29. april 2014 11.37.07 skrev Sue Doughty:

> Or is there a way for the link to respect the document type security?

Create a subtype of the archive link object type and re-implement the display method so that an authorization check is performed (when necessary).

--

Kjetil Kilhavn / Vettug AS (http://www.vettug.no) _______________________________________________

SAP-WUG mailing list

SAP-WUG at mit.edu<mailto:SAP-WUG at mit.edu>

http://mailman.mit.edu/mailman/listinfo/sap-wug

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/sap-wug/attachments/20140506/19a63907/attachment-0001.htm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 95997 bytes
Desc: image001.png
Url : http://mailman.mit.edu/pipermail/sap-wug/attachments/20140506/19a63907/attachment-0003.png
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 13224 bytes
Desc: image002.png
Url : http://mailman.mit.edu/pipermail/sap-wug/attachments/20140506/19a63907/attachment-0004.png
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.png
Type: image/png
Size: 13408 bytes
Desc: image003.png
Url : http://mailman.mit.edu/pipermail/sap-wug/attachments/20140506/19a63907/attachment-0005.png