on 02-27-2013 6:01 PM
Hi Experts,
I have a customer request to allow ADMIN access for some users for network activity ONLY, keeping all objects in PS structure in READ access using ACL functionality and its inheritage.
We have performed some tests and the system behaviour is like the inherited ACL has priority above object ACL.
Do you already have this kind of request? Does anybody know how to handle this issue using ACL instead of access profile from Basis?
Thanks,
James R. M. Francisco
Hi,
As per the requirement we can restrict the Project Structure as per the business requirement.
In ACL there are 3 options: NO ACL , Inherit ACL , No Inherit.
I hope your requirement suits for NO Inherit, then as per the business design , it can defined ADMIN or Read ACL option.
Regards,
VRKUMAR
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Dear James,
Yes, Your requirement can be fesible, We can design the ACL till Network Activity level with multiple options of ACL, by following certain config changes:
As per the your requirement ACL should be Inherited as Read for all the Project WBS, but only your requirement is to restrict at Netwrok activity level with ADMIN ACL rights.
For that please follow try these procedure:
1. Select ACL Inheritance option in OPSA ( Project Profile ) .
2. Select NO Inheritance Option ACL option in ( Acces Contro LIst ) OPUU ( Network Profile ), to restrict the activity level , Since Inheritance tab will not be activated in Network activity, and you can provide any ACL acces as per the business requirement , irrespective of Newtork,/ WBS ACL authin Network activity.
Please try this , I hope it might b e Useful for your scenario.
Regards,
VRKUMAR
Hi Kumar,
Thanks again for the valuable information.
I have made all settings as per your advice but still did not met the requirement.
I can limit the access up to Network Header level, but not to activity individually.
Is there any other suggestion before we move to access profile utilization?
Thanks,
James
H James,
As per the requirement , we can restrict the user till Network activity level, As per the earlier discussion, please maintain in OPUU: Netwrok Default : ( Access Control List ) : Select the Option of ACL ( No Inhr ) .
And dont check any option of Inheritance option , leave it blank.
And one more option, the person who creates the Network activity will have default option of ADMIn copied from Network, that ADMIN creator can restrict other business users, by adding the Network activity as READ, So whom ever the the Network Creator gives ACL auth for them only they can access Network activity, Since we had taken the option of NO Inherit in Network Profile .
I hope this will solve your requirement.
Regards,
Rajesh
User | Count |
---|---|
88 | |
7 | |
6 | |
4 | |
3 | |
3 | |
3 | |
3 | |
3 | |
2 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.