cancel
Showing results for 
Search instead for 
Did you mean: 

Authorization to muliple people based on person responsible field - SAP PS

Former Member
0 Kudos

Hi All,

I have a question related to security authorization. We have a requirement where multiple people should get access (Create/Change/Display) to CJ20N transaction and also forecasting / planning / budgeting / reporting transactions based on the value in Person Responsible field.

Here is a example.

Project : 10000

WBS Element : 10000.001 Person Responsible value: Joe

WBS Element : 10000.002 Person Responsible value: Joe

WBS Element : 10000.003 Person Responsible value: Tim

Joe has access to planning / budgeting / reporting transaction associated with Project System. He can only access Projects / WBS Elements where his name is appearing in u201CPerson Responsibleu201D field. Joe wants to share some of his responsibilities with Mark. Part of this work-sharing, Mark need access to all the Project/WBS Elements on which Joe is listed as u201CPerson Responsibleu201D. Also he needs access to all those transactions code which Joe has access to.

We have following questions:

1. Is it possible for Mark to get authorization to update (master / plan / budget / actuals / commitment) data and view reports associated with WBS Elements where Joe is listed as u201CPerson Responsibleu201D? Is there any standard solution to meet this requirement? If yes, then what is it?

2. This question is adding more complexity to scenario listed in question 1. Is it possible for multiple people to have above mentioned (question 1) access to Joeu2019s Project/WBS Elements?

3. Is it possible to share certain tasks (for e.g. Mark can only do planning for Joeu2019s project, Henry can do budgeting for Joeu2019s Project) to individual or group even though their name is not appearing anywhere in the project structure?

We are looking for guidance to meet those requirements using standard SAP functionality. Based on your experiences, are there any suggestions to meet this requirement if standard solution is not available?

Your advice is greatly appreciated.

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
0 Kudos

An abstraction layer (Portal?) and authorization engine (Workflow?) would be the most obvious thing to consider for such a requirement.

> We are looking for guidance to meet those requirements using standard SAP functionality.

Armed only with SAPGui and SPRO I cannot see this happening.

Add BAPI's, webservices and the NW Developer Studio to that and you might get away with it without too much coding involved.

As you have asked this in the security forum, you should take care of access to change the responsible person. E.g. how to control the proliferation of this?:

>Also he needs access to all those transactions code which Joe has access to.

The authorization engine should ideally not have this generic capability either so that you can analyze the access, as well as report on who has access to a responsible person and whether the access provides historical responsibilities as well.

That part will be much more tricky than the development work...

Cheers,

Julius

Answers (0)