Endevor

 View Only
  • 1.  Approvers and Package Creates

    Posted Sep 04, 2014 10:53 AM

    Is there a fairly easy way to restrict users within an Approver Group from having the ability to create packages? THANKS



  • 2.  Re: Approvers and Package Creates
    Best Answer

    Posted Sep 05, 2014 03:48 AM

    Hi Dan,

    as an organisational solution (1) you could (let) check and adapt the permissions of a user, when his userid is added to an approver-group. An alternative with only nearly the same effect, (2) you could use Exit-7, when PECBSFCD equal to 2,3,4,5, and do a RACROUTE REQUEST=AUTH to check if the user has permission to approve packages and then deny the package-action in exit-7.

    If your intention is to enforce the four-eyes-principle, (3) you could use exit-7 PRCBSFCD equal 0 (approve-action) and check and deny this package-action, if the userid is the same as userid of cast and/or creation etc.

    Success!

    Josef



  • 3.  Re: Approvers and Package Creates

    Posted Sep 06, 2014 04:41 PM

    Dan,

    If you define the Package area of the BC1TNEQU table and if you have the ESI feature then YES you restrict users that approve packages from creating a package.

    This eliminates the need for an EXIT.

     

    Russ



  • 4.  Re: Approvers and Package Creates

    Posted Sep 09, 2014 04:32 PM

    Thank you all for the feeback. We just activated ESI at our site last month so we will pursue this option.