Idea Details

Optimize handling of read-only access

Last activity 05-16-2019 08:28 AM
AxelLambrecht's profile image
05-16-2019 06:00 AM


IDEA of minimum solution:

when user is allowed to read (but only misses write access) an object

then do not log anything - just simply open in R/O mode

IDEA of optimal solution:

In addition to "minimum": Allow users to open an object in an explicit "read-only" mode ("show" instead of "edit") to avoid blocking


Background: current situation

-- logging --

currently 2 types of messages exist and are logged (4505+4506), where in both situations the user were allowed to read:

U00004505 Access violation: User: 'M.../...' Object: 'P29_...' Access type: 'W' Reason: prohibition in authorization profile: 'ADMIN_...'.

U00004519 Access violation details: Used filter: 'JOBS/P29_.../P29_HOSTG...//P29_LOGIN_...///' .

--> 4505 is already logged when only selecting the object in explorer view - even without opening

U00004506 Access violation: User: 'VISITOR_SAP_.../...' Object: 'UC4_SAP_...' Access: 'W' Reason: No right found in authorization group '3'.

U00004519 Access violation details: Used filter: 'JOBS/UC4_SAP_.../<UNIX>/////' .

-- open object --

if user has the necessary auth. then an object is always opened in modification mode and the object is locked (blocked againts other users) -

but sometimes user has no update intention and only wants to read/check/monitor, so object blocking is not needed


05-16-2019 08:28 AM

I especially like the optimal solution proposal of having a separate 'Show' menu option to go along with the 'Edit' option.  There are plenty of times when those of us with edit rights aren't intending to edit/lock items from other users.  (Perhaps the user options could let us toggle whether 'Show' or 'Edit' would be our default menu action.)