cancel
Showing results for 
Search instead for 
Did you mean: 

ACL (Access Control List) in Network Activity

0 Kudos

Hi Experts,

I have a customer request to allow ADMIN access for some users for network activity ONLY, keeping all objects in PS structure in READ access using ACL functionality and its inheritage.

We have performed some tests and the system behaviour is like the inherited ACL has priority above object ACL.

Do you already have this kind of request? Does anybody know how to handle this issue using ACL instead of access profile from Basis?

Thanks,

James R. M. Francisco

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
0 Kudos

Hi,

As per the requirement we can restrict the Project Structure as per the business requirement.

In ACL there are 3 options: NO ACL , Inherit ACL , No Inherit.

I hope your requirement suits for NO Inherit, then as per the business design , it can defined ADMIN or Read ACL option.

Regards,

VRKUMAR

0 Kudos

Hi Kumar,

Thanks for clarifying!

As a matter of fact. I need to allow ADMIN access for Network Activity only, despite the whole hierarchy with Inherit ACL with READ status.

Do you  think it is possible?

Thanks,

James

Former Member
0 Kudos

Dear James,

Yes, Your requirement can be fesible, We can design the ACL till Network Activity level with multiple options of ACL,  by following certain config changes:

As per the your requirement ACL should be Inherited as Read for all the Project WBS, but only your requirement is to restrict at Netwrok activity level with ADMIN ACL rights.

For that please follow try these procedure:

1. Select ACL Inheritance option in OPSA ( Project Profile ) .

2. Select NO Inheritance Option ACL option in ( Acces Contro LIst )  OPUU ( Network Profile ), to restrict the activity level , Since Inheritance tab will not be activated in Network activity, and you can provide any ACL acces as per the business requirement , irrespective of Newtork,/ WBS ACL authin Network activity.

Please try this , I hope it might b e Useful for your scenario.

Regards,

VRKUMAR

0 Kudos

Hi Kumar,

Thanks again for the valuable information.

I have made all settings as per your advice but still did not met the requirement.

I can limit the access up to Network Header level, but not to activity individually.

Is there any other suggestion before we move to access profile utilization?

Thanks,

James

Former Member
0 Kudos

H James,

As per the requirement , we can restrict the user till Network activity level, As per the earlier discussion, please maintain in OPUU: Netwrok Default : ( Access Control List ) : Select the Option of ACL ( No Inhr ) .

And dont check any option of Inheritance option , leave it blank.

And one more option, the person who creates the Network activity will have default option of ADMIn copied from Network, that ADMIN creator can restrict other business users, by adding the Network activity as READ, So whom ever the the Network Creator gives ACL auth for them only they can access Network activity, Since we had taken the option of NO Inherit in Network Profile .

I hope this will solve your requirement.

Regards,

Rajesh

0 Kudos

Hi Rajesh,

It did work!

Thanks for helping!

Regards,

James

Answers (0)