cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Admin user for portfolio item not authorized to delete item

Go to solution
Former Member

on ‎05-28-2014 4:54 PM

0 Kudos

Hello experts, we are having the following issue:

The user who created a portfolio item, and has Admin authorization assigned, cannot delete the item. The following message appears:

"User xx is not authorized for the activity DELETE of object 1xxxxx"

It seems to be something related with authorizations, but on SU53 the only authorization object that appears is ACP_SUPER, which we understand is a super user authorization and we should not assign to final users

The related Portfolio management system roles assigned to user are:

  • SAP_XRPM_USER
  • Create + Write authorizations at the bucket level
  • And the user has admin authorization for the item. See atached screenshots

Do we need to assign authorizations for activities in ACO_SUPER object?  (we don't think so)

Is any other role or authorization missing?

thanks in advance for the help

Roberto

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎06-03-2014 11:00 AM
0 Kudos

Hi Roberto,

ACL inheritance works as follows.

  • Portfolio –> Bucket
  • Bucket –> Bucket
  • Bucket –> Item
  • Bucket –> Review
  • Bucket –> Collection
  • Item –> Decision Point
  • Bucket –> Initiative
  • Initiative –> Decision Point
  • Initiative –> Phase
  • Initiative –>Item of Initiative

Creator gets ADMIN by default for the object and the child objects. It means that if a user has created a portfolio he should have ADMIN for all the objects below it as you are assuming.

But with whatever inputs you have given here i assume you have changed the ACL of the user at the BUCKET level to CREATE+WRITE which gives him only CHANGE authority for the child objects and not DELETE. Because in this case ACL at BUCKET level takes precedence.

Show replies
Show replies
Former Member
‎06-04-2014 8:49 AM
0 Kudos


Thanks Saurabh,

so I understand that for a user to be able to delete an item/initiative (in general any object inside a bucket) the user must be also Admin at least for the bucket in which the object was created.

That being an Admin for an item / initiative does not allow you to delete the item / initiative, you need to be admin for the bucket in which it was created.

We will assign a role with Admin ACL at bucket level to the proper users, so far we had only given them Create + Write.

thanks, Roberto

Answers (3)

Answers (3)

Former Member
‎06-03-2014 11:02 AM
0 Kudos

Additonally you may also want to check if there are any enhancements which might be restricting this. You can check if you have enhanced the authorizations using /RPM/AUTHORIZATIONS BADI.

Thanks and Regards

Saurabh

Show replies
Show replies
anuradha_majumdar
Active Participant
‎05-30-2014 5:35 AM
0 Kudos

Hi Roberto,

I am also facing this issue. I have raised a ticket with SAP, waiting for a reply.

What I observer is if a user has admin auth at bucket level then he is able to delete. But if he has only read and create(item) auth at bucket level then he gets the error.

Regards,

Anuradha

Show replies
Show replies
rabikiran_sahu
Participant
‎05-29-2014 1:14 PM
0 Kudos

Hi Roberto,

Please check with your technical team , it seems to be a Custom Enhancement in the webdynpro component for displaying this error message.

Thanks,

Rabi

Show replies
Show replies
Ask a Question