Auhorization for Attachments in Oppt

Prajit Patel Mar 14, 2011 1:27 PM

Currently Being Moderated

Hi,

We have a requirement wherein we want the user to read, edit and delete attachments in the opportunites which are created by him.

We are trying to use Auth object CRM_ORD_OP with Partner function category as 0008, but it is not working. The user is able to read attachments from any document as of now.

Also we have other option to implement a Badi: CRM_DOC_AUTHORITY in which we can write some logic.

I want some suggestions from you. Which is the right approach? can we restrict the user only using auth objects?

Regards,

Re: Auhorization for Attachments in Oppt

Robert Kunstelj Mar 14, 2011 5:31 PM (in response to Prajit Patel)

Currently Being Moderated

Object CRM_ORD_OP is the correct one, but be sure that you have aso closed object CRM_ORD_LP, otherwise the user will still have all the privieges defined in that object.

Regards.
Report Abuse

Like (0)
- Re: Auhorization for Attachments in Oppt
  
  Prajit Patel Mar 15, 2011 10:54 AM (in response to Robert Kunstelj)
  
  Currently Being Moderated
  
  Hi,
  
  I have maintained only CRM_ORD_OP with parnter function category 0008.
  Other objects CRM_ORD_LP and CRM_ORD_OE are inactive.
  Still the user is able to open attachments of an opportunity of which he is not a partner.
  
  Regards,
  PP
  
  Report Abuse
  
  Like (0)
  - Re: Auhorization for Attachments in Oppt
    
    Robert Kunstelj Mar 15, 2011 3:11 PM (in response to Prajit Patel)
    
    Currently Being Moderated
    
    From where do users open attachments?
    
    Report Abuse
    
    Like (0)
    - Re: Auhorization for Attachments in Oppt
      
      Prajit Patel Mar 16, 2011 7:34 AM (in response to Robert Kunstelj)
      
      Currently Being Moderated
      
      HI,
      
      Users open the attachments from WebUI- opportunity transaction.
      
      Report Abuse
      
      Like (0)
      - Re: Auhorization for Attachments in Oppt
        
        Robert Kunstelj Mar 16, 2011 7:51 AM (in response to Prajit Patel)
        
        Currently Being Moderated
        
        If you have objects CRM_ORD_LP and CRM_ORD_OE inactive and in CRM_ORD_OP maintained only combination (for example):
        Activity                       *
        Partner Function               *
        Partner Function Category      0008
        
        then this should work 100%. Because that means that user will be able to open only his opportunities and consequently only this attachments.
        
        But be sure that user doesn't have also ptivileges to authorization objects CRM_ORD_LP and CRM_ORD_OE in some other pfcg role.
        
        And if you just change pfcg role, also be sure to reset buffers with /$sync otherwise in cache you can still have old privileges.
        
        Report Abuse
        
        Like (0)

Go to original post