项目上要限制生产机修改报表,工作簿和进程链的操作,所以呢,简单说说相应的Authorization Objects
上面是SAP提供的Reporting Basic权限
首先,S_RFC和S_TCODE是Analyzer所必须的
然后,R_RS_COMP这个看到的都懂,就是可以限制Query的种种
R_RS_COMP1这个其实就是多了一层,可以限制Query的Owner,也就是创建人
PS:我测试了下,COMP比COMP1优先级高,也就是说,如果COMP1给了全部权限,而COMP只给了查看,那就以COMP为准
工作簿呢,就与众不同了些
首先,限制用户不可更改,要用到:
S_USER_AGR with ACTVT 03; ACT_GROUP
当然,S_GUI,S_RFC也不可少,
For saving workbooks in Favorites you need:
S_GUI
S_BDS_DS
For saving workbooks in Roles you need:
S_USER_AGR
S_USER_TCD
参照下面一段儿:
Dear Praveen,
Our collage vishnuC is on right, the authorization object that you need to include in your reporting role is
Saving workbooks in Favorites
S_GUI: Authorization for GUI activities
S_BDS_DS: Authorization for document set.
The values that I suggest to use in each authorization object are following S_GUI in the field activity put 60. For S_BDS_DS: in the field activity, please put 03 and 30 and class type put OT.
Saving workbooks in Roles:
S_USER_AGR= authorization for role check
S_USER_TCD=transaction in roles
The values that I suggest to use in each authorization object are following S_USER_AGR in activity field put 01, 02 y 22. for delete Woorkbook put also 06 value. In field role name put "*". Other hand in S_USER_TCD put in Tcode "RRMX"
I hope this can help you!
Luis
源文档 <https://forums.sdn.sap.com/thread.jspa?threadID=884471>
多说一句,那么Process Chain的呢
