Kontakt

Ansicht
Dokumentation

DAM_ASSET - Authorization Objects

DAM_ASSET - Authorization Objects

TXBHW - Original Tax Base Amount in Local Currency   Addresses (Business Address Services)  
This documentation is copyright by SAP AG.
SAP E-Book

You adjust authorization objects in User Maintenance.

Authorization Object DAM_ASSET

For DAM, in the standard system, the authorization object DAM_ASSET is delivered, in which you can define the following authorization fields:

  • Activity (ACTVT)
You use this authorization field to define what the user can do when calling functions from DAM.
The activities are valid both for the digital asset (LOIO) and for the versions of a digital asset (PHIO). Possible values here are:
  • Display:

The user can look at digital assets but cannot change them. This activity is then particularly important if a digital asset has been locked by another user. Unless the logged-on user has the authority to display a particular digital asset, for example, during qualification, then he or she cannot see the locked or unlocked digital asset.
  • CREATE_OR_GENERATE: This enables uploading of the digital asset by using a function in the portal. For the newly uploaded digital asset, the standard properties for non-qualified digital assets apply. For more information, see Map Initial Values Within Authorization Check

  • CHANGE: The user can change digital assets and their properties, regardless of whether he or she created them personally or not.

  • CHANGE_OWN: The user can change his or her own digital assets and their properties.

  • DOWNLOAD:

This enables the download of digital assets. Note that there is another authorization object for downloading digital assets: DAM_ASSACC.
  • CHANGE_STATUS:

The activity CHANGE_STATUS gives the user the authorization to change the document status of all versions of the digital asset.
  • Change Security Status (CHANGE_SEC_STATUS):

The activity CHANGE_SEC_STATUS gives the user the authorization to change the security status of all versions of a digital asset.
  • DAM document type: Here, you specify the document type that the user can see and process.
  • PHIO document status, for example:
  • INITIAL

  • UNDER_REVIEW

  • EFFECTIVE

  • EXPIRED

  • PHIO security status, for example:
  • INTERNAL

  • CONFIDENTIAL

  • PUBLIC

Document- and Security Status
These two statuses are delivered by SAP as security-relevant and you should not change them. For more information about this subject, see Map LOIO Properties of Class System to Auth. Object DAM_ASSET.
  • Property 1
  • Property 2
  • Property 3
  • Property 4
  • Property 5
In the IMG activity Map LOIO Properties of Class System to Auth. Object DAM_ASSET, you specify additional security-relevant properties for digital assets , for example, Property 1 = Sales Area and Property 2 = Division.
Here in the authorization object, you can specify which values these properties can have, for example: Property 1 (= Sales Area) = South-West and Property 2 (= Division) = Mobile Phone.
In role maintenance, you can lock all unused properties by using two apostrophes ('').
During the check, empty, unused property fields are given initial values.

Default Value DEFUP

If the user uploads unqualified digital assets, the system gives these digital assets initial properties, each with a value, for example, DEFUP. You can also change this value.

So that the user can upload digital assets, the corresponding authorization fields in the user's authorizations must have the value DEFUP.

For more information about the default values, see Map Initial Values Within Authorization Check.

Required Activities Dependent on Tasks

We recommend that you assign suitable activities to your users depending on your user's tasks. The following section contains a list of possible tasks and the activities in the authorization object required for them:

  • To upload digital assets, you require the CREATE- and CHANGE, or CHANGE_OWN activities, because the initial values are assigned automatically to the new digital asset.
  • If the user is to be able to change digital assets, then he or she requires the CHANGE- or CHANGE_OWN activities. The user can only change the properties for which he or she has CHANGE or CHANGE_OWN authorization.
We recommend that you correspondingly give the user the DISPLAY activity too.
  • To change the document status, the user requires the CHANGE_STATUS-, and CHANGE- or CHANGE_OWN activities.
  • To change the security status, the user requires the CHANGE_SECURITY_STATUS-, and CHANGE- or CHANGE_OWN activities.

Access to Digital Assets with Legal Information

Legal information can be assigned to the version of a digital asset or be inherited from another higher-level version of a digital asset.

All legal information has the property Valid To. If the specified date lies in the past, the legal information is not valid because it has expired.

With regard to legal information, the version of a digital asset has two properties from Content Management:

  • DAM_HAS_RIGHT: This shows whether legal information exists, without checking if it is valid or not. Value: >= 0
  • DAM_RIGHT_INVALID: This shows that at least one assigned item of legal information is no longer valid.

If you want to use the DAM_HAS_RIGHT- and DAM_RIGHT_INVALID properties, specify them beforehand as security-relevant properties in the IMG activity Map LOIO Properties of Class System to Auth. Object DAM_ASSET.

The following scenarios may appear here:

  • The rights play no role and the properties do not appear in the list of security-relevant properties. Hence you do not require special Customizing.
  • You want to restrict access to digital assets with expired rights. To do this, maintain property DAM_RIGHT_INVALID in the security-relevant properties. A user that is not permitted to see digital assets with expired rights should have a blank value ('') in his or her assigned authorizations. If the user is also to be able to see digital assets with expired rights, you should maintain the assigned authorizations with an asterisk (*).
  • In addition to the above checks for expired rights, you can check whether general rights have been specified for the digital asset. To do this, maintain the property DAM_HAS_RIGHT in the security-relevant properties. A user that is only permitted to see digital assets without assigned rights should have a blank value ('') in his or her assigned authorizations. For a user permitted to see digital assets with assigned rights, you should maintain the assigned authorizations with an asterisk (*). By using property DAM_RIGHT_INVALID, you can control whether this right needs to be valid or not.

Authorization Object DAM_ASSACC

The user can access digital assets via a number of paths, for example, FTP or mass transfer. For each user name, a home directory is created, with the subfolders FTP and MASS_TRANSFER in the file system. The authorization object DAM_ASSACC controls access to this folder and can also be assigned to the authorization check of a role.

In contrast to the authorization object DAM_ASSET, the object DAM_ASSACC is not dependent on the properties of the digital asset, the type of the digital asset, and the status. It only specifies the access path.

It contains the DAM_ACCWAY authorization field, which can assume the following values that have already been created in the system:

  • Synchronous download (SDOWNLOAD)
  • Notification by e-mail (SE_MAIL)
  • Download via File Transfer Protocol (FTP) (SFTP)
  • Download via mass transfer (SMASS_TRANS)
  • Use of mass update (SMASS_UPDAT)
For administrators and power users who should have the ability to change more than one digital asset at a time, an additional mass update button is shown. Users without this authorization do not see this button.
If the user has the authorization for mass updates, he or she also requires the CHANGE activity in the authorization object DAM_ASSET.
  • Other access options defined by the customer
  • Creating the TRX index (SINDEX_CRA)
To create the index,you require a service user that has authorization SINDEX_CRA for field DAM_ACCWAY of authorization object DAM_ASSACC.
Note:
You must define the name of the service user in Maintain General Settings in DAM under the key CRM_DAM_SERVICE_USER.
For security reasons, you should only assign this authorization to this service user.
In authorization object DAM_ASSET, the service user should have unrestricted authorization for the activity "Display".
Furthermore, the technical user also requires all basic authorizations for DAM as described in Additional Required Authorizations.
  • Delete Digital Assets (SDELETE)
The administrator's prerogative to delete digital assets or versions of a digital asset (SDELETE)
We recommend that only an administrator has the authorization to delete digital assts from the delivered report CRM_DAM_DELETE_UPLOAD. The report checks the authorization when it deletes digital assets or versions of digital assets.
Additionally, to make deletions in the authorization object DAM_ASSET, the administrator requires authorization for the CHANGE activity.

Create User-Defined Access Options

Besides the access options named above, you can also create authorizations for additional access options.

If you want to create values for the authorization object DAM_ASSACC, you can create them in the IMG activity Specify Access Types. The customer namespace begins with Y* and Z*, for example, ZFTP_2 for a second FTP server.

Authorization Object DAM_RELASS

Only administrators should be able to rerelease locked digital assets. The authorization object DAM_RELASS protects the use of the release tool. The administrator only gets authorization if the DAM_REL_LOCK field in the DAM_RELASS object has the value X.

No other users can have this authorization.






CPI1466 during Backup   CPI1466 during Backup  
This documentation is copyright by SAP AG.

Length: 12917 Date: 20240606 Time: 014810     sap01-206 ( 178 ms )