on 12-12-2008 2:50 AM
We do not want to use ACL (Authorization at the Project level) to grant authorization. We are looking for a way to have this authorization by roles. Not too sure if the minutest of details can be controlled by authorization objects.
Of the few requirements that we have, one goes as follows:
1. We need a role of "Resource Manager" to be able to view all projects. However, this role must not be able to edit the project structure. This is possible. However, another requirement that we have is that this role must have all "admin" level access at the "Resources" level. Which means, this role must be able to staff roles and assign tasks to roles and resources, but must have read-only access to the project structure.
Can this be done?
2. Another requirement is with regard to status management. We want a role to have the authorization to set only select statusses. We have a combination of standard and custom stasusses in the status profile that we are using. We look to control the access for roles by which one role can only set a few of these statusses.
Can this be done?
Thanks and Regards...
Hi Peter,
We have exactly the same need, and unfortunately everything is not solved yet.
1/ In standard, there is no distinction between project and role authorizations. This means you need 'admin' auth at project level if you want to manage the roles. We created an OSS message for this, and SAP answer was to create a development request --> Until then, and if we get a positive answer, nothing can be done to separate project & role authorizations. So there is no solution today.
2/ For the statuses, we add to enhance class CL_DPR_STATUS_MANAGEMENT, methods GET_PERMITTED_USER_STATUS and/or GET_PERMITTED_ACTIVITIES. Thanks to this, we are now able to filter the status list that is populated in the screen.
Regards,
Matthias
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
hi wt is the transaction of XRPM or ACL in SAP WAS
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
hi,
my suggestion is u create customized roles and give authorizationas per your requirement.
go to tcode pfcg, here u can create role. and u can add authorization objects also.
e.g i have created role Z_RESOURCE_CPROJECTS
select authorization tab, and then click on chnage authorization data.
evn u can add standard roles under this role.
Thanks
Amit
note: award points for useful answer.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
12 | |
6 | |
3 | |
2 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.