cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Restrict access for tickets (ITSM or ChaRM change documents) using categorization scheme?

Go to solution
tabea_steiner
Explorer

on ‎02-16-2016 1:39 PM

0 Kudos

Dear everyone,

due to sensitive data in HR/HCM context we would like to restrict access to HR-Tickets.

I imagine it would be easiest to go via categorization or component.

Up until now I have only found Information regarding approver Determination/approver authorization and Information on how to differentiate between different document types (SMIN/SMCR,...)

Has anyone of you ever implemented a solution like this:

categorization = "HR/HCM" --> only a certain user Group, the message processor and the Reporter can find, Access, Change the ticket.

Thank you for your Input!

Tabea

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎02-16-2016 3:28 PM
0 Kudos

Hi Tabea,

i have done this in various degrees for some customers, but not yet based on categorization.

But i think that should not be a problem.

You can use BadI CRM_ORDER_AUTH_CHECK to implement the authorization check:

- Method CRM_ORDER_ADD_AUTH_CHECK for create/edit/display

- Method CRM_RFW_CALL_AUTHORITY for search result lists

Best Regards,

Christoph

Show replies
Show replies

Answers (1)

Answers (1)

former_member186154
Active Participant
‎02-16-2016 9:38 PM
0 Kudos

Hi Tabea,

In relation to the information provided by Christoph, Check the SAP Note 1981995 - Restricting Visibility of Messages Using An Assigned Configuration Element. This note has the code that needs to be used in the BADI Implementation.

Explore the option of adding the HR team members to a organizational unit and using the Authorization object SM_SDK_IBA with value USERS_ORG to restrict access.

If the restriction has to be based only on the categorization values then you may not be able to take the advantage of the standard Authorization object SM_SDK_IBA. As Christoph indicated you might have to handle the entire authority check in the BADI methods with your custom code. Let me know if you are looking for additional details on this.

Regards,

Kathir

Show replies
Show replies
Ask a Question