cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

PPM Authorisation requirement

Former Member

on ‎04-07-2015 12:17 PM

0 Kudos

Hi PPM Guru,

We have very simple requirement where,-

Program Manager:

1. should able to Create/Change Portfolio Bucket & Portfolio Initiative

2. should able to display Portfolio Item (No authorisation to update)

Project Manager

1. should able to display only Portfolio Bucket & Portfolio Initiative (No authorisation to update)

2. should able to Create/Change Portfolio Item under Portfolio Initiative.

Hierarchy is very simple like,-

Bucket

Initiative underneath bucket

Item underneath Initiative

No Separate creation of Item by passing Initiative.

Program Manager: mapped with ACO_SUPER in PFCG role as "Admin" access and Project Manager has given ACL access in bucket with "Read" and "Create" access under miscellaneous->Authorisation.

Project Manager: mapped with ACO_SUPER in PFCG role as "Read" access.


We found,-


Project manager also needs to add in Initiative ACL with "write" access manually. Does Authorisation from bucket do not inherit to Initiative automatically? If we provide "Write" access then Project manager will able to change Initiative which is our business is not supporting.


What are the best way using Standard SAP PPM Authorisation functionality we can use to achieve above business requirements without ABAP customisation?


Best Regards, Diana

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
‎04-13-2015 10:43 PM
0 Kudos

Hi Diana,

I did briefly try this in my system with a user who only has read access to the initiative, and the user was able to "create" an item from the assigned items tab of the initiative. "add" was not possible.

Main difference with my setup is that I am not using ACO_SUPER for any end user roles, however, since ACO_SUPER provides more authorization, I am not sure why it does not work for you. Although I do not recommend using ACO_SUPER for end user roles, the way you have set things up should work for your requirement.

Initiatives will inherit authorization from Portfolio or Bucket just like any other portfolio object. Can you go to your initiative and in the authorization tab click "show all" just to make sure the inheritance is working? I am assuming you already tried create an item standalone and it works.

Can you also describe what happens when the project manager with read access tries to create an item below the initiative? Can the user access the initiative at all? Is the "create" button in assigned items tab disabled?

Hope that helps.

Lashan

Show replies
Show replies
francesco_pezzoli
Active Participant
‎04-10-2015 8:47 AM
0 Kudos

Hello Diana,

Does setting global switch 0007/0018 "Item Creation Without Parent Admin" help in any way? You can refer to SAP note 1235897 for a description of this switch.

Best regards
Francesco

Show replies
Show replies
Ask a Question