This authorization object S_IWB checks authorizations for the Knowledge Warehouse.
Authorizations for administrative functions of the Knowledge Warehouse are checked with authorization object S_IWB_ADM.
The authorization object checks the following fields:
IWB_FLDGRP Folder group
LANGUAGE Language (development) or target language (translation)
IWB_REL Enhancement release
V1: Create Version
In Knowledge Warehouse components in the Solution Manager the following authorizations are also checked for:
60: Import of documents into the Solution Manager
95: Unlocking of documents in the Solution Manager
Access to Knowledge Warehouse folders is controlled by the authorization object S_IWB. This
authorization object is contained in all Document Management single roles, see above table column
Remarks. If you want restrict this authorization for a special project, assign the project (ID) to field
IWB_FLDGRP (Folder Group).
You should keep the default values in the field IWB_AREA (area).
Problem: Digital Signature: Restrict by Authorization Group
User A can sign for the authorization group PROD (production), but not for the authorization
group QUAL (quality assurance). Solution: In role SAP_SOL_KW_*, the user has the authorization value PROD for field SIGNAUTH,
in authorization object C_SIGN_BGR.
Problem: Document Management: Unlock Documents
You want to allow a user to unlock documents which are locked by a status schema. Solution: This can be controlled with the authorization object S_IWB and the activity 95.
Documents remain locked during signature procedure.
Problem: Document Management: Restrict Project
You want users who are assigned to a project to only be able to search for, edit or display the
documents for this project. Solution: This can be done with the combination of folder group and project authorizations.
When documents are created for a project, the system puts them in a folder group which is
assigned to the project, and its name, for instance the folder group with the name XYZ, is assigned
to the project. You restrict the following authorization objects: