Approach
Access to Knowledge Warehouse folders is controlled by the authorization object S_IWB. This
authorization object is contained in all Document Management single roles, see above table column
Remarks. If you want restrict this authorization for a special project, assign the project (ID) to field
IWB_FLDGRP (Folder Group).
Caution
You should keep the default values in the field IWB_AREA (area).
Example
Problem: Digital Signature: Restrict by Authorization Group
User A can sign for the authorization group PROD (production), but not for the authorization
group QUAL (quality assurance).
Solution: In role SAP_SOL_KW_*, the user has the authorization value PROD for field SIGNAUTH,
in authorization object C_SIGN_BGR.
Problem: Document Management: Unlock Documents
You want to allow a user to unlock documents which are locked by a status schema.
Solution: This can be controlled with the authorization object S_IWB and the activity 95.
Documents remain locked during signature procedure.
Problem: Document Management: Restrict Project
You want users who are assigned to a project to only be able to search for, edit or display the
documents for this project.
Solution: This can be done with the combination of folder group and project authorizations.
When documents are created for a project, the system puts them in a folder group which is
assigned to the project, and its name, for instance the folder group with the name XYZ, is assigned
to the project. You restrict the following authorization objects:
- S_PROJECT with field PROJECT_ID
- S_IWB and S_IWB_ATTR with field IWB_FLDGRP
