Workflow attachment bypasses document type security
Sue Doughty
Sue.Doughty at odfl.com
Wed May 7 10:59:01 EDT 2014
Hi Kjetil,
I found my issue. I had not set the ZIMAGE object default to my new SecureDisplay method. When I did that, it worked! Thank you so much for your help!!
[cid:image001.png at 01CF69E3.57C2CA70]
Sue Doughty
SAP Workflow Analyst [http://www.odfl.com/signature/signature_od_37x37.png] <http://www.odfl.com>
Office: (336) 822-5189
Fax: (336) 822-5149
Email: Sue.Doughty at odfl.com<mailto:Sue.Doughty at odfl.com>
Helping the World Keep Promises.®
Old Dominion Freight Line, Inc.
500 Old Dominion Way
Thomasville, NC 27360
www.odfl.com<http://www.odfl.com>
[http://www.odfl.com/signature/signature_facebook_25x25.png]<http://www.facebook.com/OldDominionFreightLine> [http://www.odfl.com/signature/signature_twitter_25x25.png] <http://twitter.com/ODFL_Inc> [http://www.odfl.com/signature/signature_youtube_25x25.png] <http://www.youtube.com/ODFLInc> [http://www.odfl.com/signature/signature_linkedin_25x28.png] <http://www.linkedin.com/company/old-dominion-freight-line>
CONFIDENTIALITY NOTICE: The information contained in this message may be confidential, privileged, proprietary, or otherwise legally exempt from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that you are not authorized to read, print, retain, copy or disseminate this message, any part of it, or any attachments. If you have received this message in error, please delete this message and any attachments from your system without reading the content and notify the sender immediately of the inadvertent transmission. Thank you for your cooperation.
-----Original Message-----
From: sap-wug-bounces at mit.edu [mailto:sap-wug-bounces at mit.edu] On Behalf Of Kjetil Kilhavn
Sent: Wednesday, May 07, 2014 7:30 AM
To: SAP Workflow Users' Group
Subject: Re: Workflow attachment bypasses document type security
Tirsdag 6. mai 2014 08.49.48 skrev Sue Doughty:
> But, there is still the issue of going to the workflows through GOS
> and then clicking the link. It does not respect SAP Authority. Can
> the link be deleted from the list?
What I meant was that you create a subtype of the archive link subtype (and delegate to it) - and then you apply the required authorization check in the Display method which you re-implement in your subtype. When the link is clicked the default method (which is Display) is executed. Thus, by delegating to your own subtype and re-implementing the Display method you will be able to prevent unauthorized display.
At least that is how I think it works. I have not tried it myself, but I have delegated and reimplemented other objects/methods.
> Sue Doughty
> SAP Workflow Analyst
--
Kjetil Kilhavn / Vettug AS (http://www.vettug.no) _______________________________________________
SAP-WUG mailing list
SAP-WUG at mit.edu<mailto:SAP-WUG at mit.edu>
http://mailman.mit.edu/mailman/listinfo/sap-wug
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/sap-wug/attachments/20140507/13d2c7f3/attachment-0001.htm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 15420 bytes
Desc: image001.png
Url : http://mailman.mit.edu/pipermail/sap-wug/attachments/20140507/13d2c7f3/attachment-0001.png
More information about the SAP-WUG
mailing list