Registration

Dear SAP Community Member,
In order to fully benefit from what the SAP Community has to offer, please register at:
http://scn.sap.com
Thank you,
The SAP Community team.
Skip to end of metadata
Go to start of metadata

Purpose

The document management authorization objects are elements of the standard R/3 System authorization concept. They enable you to use complex authorizations for processing documents and their original application files.

Reason

Document processing is organized in accordance with your company's structure. Master data for all application areas is often created at one central location. Data that is specific to an application area is then added using the Change function.

The authorization system can be set up accordingly. Access authorizations are controlled via various authorization objects.

If you want to link the document to other SAP objects, the system also executes the authorization checks from the appropriate application areas while you are processing.

Structure

The authorization objects for documents are assigned to the Document Management object class. Four authorization objects are defined for the Document Management System in the standard system.

Authorization Object C_DRAW_TCD (Activities for Documents)

The following table shows authorization object C_DRAW_TCD. This object controls which users can process which document info

Fields

Possible Values

Description

ACTVT (Activity)

01 02 03 06 17

Create Change Display Delete Maintain number range object

DOKAR (Document type)

 

The activities can be executed for the document type.

 Authorization Object C_DRAW_TCS (Status Dependent Authorization)

The following table shows authorization object C_DRAW_TCS. This object controls which users can process which document info records, based on a combination of activity, document type, and status.

Fields

Possible Values

Description

ACTVT (Activity)

01 02 03 06

Choose: Create Change Display Delete

DOKAR (Document type)

 

The activities can be executed for the document type.

STATUS (Document status)

 

 

Authorization Object C_DRAW_STA (Document Status)

The following table shows authorization object C_DRAW_STA. This object controls which status(es) can be set for which document type.

Fields

Description

DOKAR (Document type)

 

DOKST (Document status)

The statuses are allowed for this document type.

Authorization Object C_DRAW_BGR (Authorization Group)

The following table shows authorization object C_DRAW_BGR. This authorization object allows you to limit access to individual documents.

Fields

Possible Values

Description

BEGRU (Authorization group)

0000 - ZZZZ

Used to restrict the authorizations for document maintenance further.

Authorization object C_DRAW_BGR can be used to restrict access to individual documents. It works like a simple on/off switch. If the check of object C_DRAW_BGR is fine, the user's authorization can be further restricted by checking C_DRAW_TCD (check only based on the document type) or C_DRAW_TCS (check of the

combination of document type and status). At the fifth level there is a BADI called DOCUMENT_AUTH01, which you can use to design your own authority check.

Authorization Object C_DRAW_DOK (Document Access)

The following table shows authorization object C_DRAW_DOK. This authorization object controls which original data of a specific document type there are access authorizations for.

Fields

Possible Values

Description

ACTVT (Activity)

52 53 54 55 56 57

Change application start Display application start Display archive application Change archive application Display archive Store archive

DOKAR (Document type)

 

Here you enter the document type that access to original data is allowed for.

Authorization Object C_DRAD_OBJ (Object Link)

The following table shows authorization object C_DRAD_OBJ. This object controls which users can process which document info records, based on a combination of activity, object, and status.

Fields

Possible Values

Description

ACTVT (Activity)

01 02 03 06

Create Change Display Delete

DOKOB (Object)

 

You must enter the data base table for the objects here (for example, MARA for material record).

STATUS (Document status)

 

 

The logic of checking DMS authorization objects

Every authorization check is done independently and in a certain sequence. In DMS the levels of authorization check are:

1. Transaction Code

2. C_DRAW_BGR

3. C_DRAW_TCD

4. C_DRAW_TCS

5. USER

Further useful authorization objects in DMS

C_DRZA_TCD-------->ACTIVITIES FOR RECIPIENT LISTS

C_DRZI_TCD-------->DISTRIBUTION ORDER

C_DRAW_MUP------>AUTHORIZATION FOR MARKUP (AUTHORIZATION ASSIGNMENT FOR EDITING LAYER IN REDLINING)

For more information on the authorization objects in DMS, kindly consider the online documentation.

Back