cancel
Showing results for 
Search instead for 
Did you mean: 

Auhorization for Attachments in Oppt

former_member200342
Active Contributor
0 Kudos

Hi,

We have a requirement wherein we want the user to read, edit and delete attachments in the opportunites which are created by him.

We are trying to use Auth object CRM_ORD_OP with Partner function category as 0008, but it is not working. The user is able to read attachments from any document as of now.

Also we have other option to implement a Badi: CRM_DOC_AUTHORITY in which we can write some logic.

I want some suggestions from you. Which is the right approach? can we restrict the user only using auth objects?

Regards,

PP

Accepted Solutions (0)

Answers (1)

Answers (1)

robert_kunstelj
Active Contributor
0 Kudos

Object CRM_ORD_OP is the correct one, but be sure that you have aso closed object CRM_ORD_LP, otherwise the user will still have all the privieges defined in that object.

Regards.

former_member200342
Active Contributor
0 Kudos

Hi,

I have maintained only CRM_ORD_OP with parnter function category 0008.

Other objects CRM_ORD_LP and CRM_ORD_OE are inactive.

Still the user is able to open attachments of an opportunity of which he is not a partner.

Regards,

PP

robert_kunstelj
Active Contributor
0 Kudos

From where do users open attachments?

former_member200342
Active Contributor
0 Kudos

HI,

Users open the attachments from WebUI- opportunity transaction.

robert_kunstelj
Active Contributor
0 Kudos

If you have objects CRM_ORD_LP and CRM_ORD_OE inactive and in CRM_ORD_OP maintained only combination (for example):

Activity *

Partner Function *

Partner Function Category 0008

then this should work 100%. Because that means that user will be able to open only his opportunities and consequently only this attachments.

But be sure that user doesn't have also ptivileges to authorization objects CRM_ORD_LP and CRM_ORD_OE in some other pfcg role.

And if you just change pfcg role, also be sure to reset buffers with /$sync otherwise in cache you can still have old privileges.

Former Member
0 Kudos

Hi Prajit,

I have exactly the same requirement as you, but for accounts. How did you finally solve it?

Thanks a lot,

Pavel