on 08-26-2015 10:52 AM
Hi All,
We are implementing PPM5.0 currently and we are having trouble with the initial security configuration. Needless to say, the official security guide is vague at best.
The guide mentions the use of Access Control Lists (ACL) to control who has authorization to change a particular project definition or collaboration. Is there a WIKI anywhere on how to do this?
I've also read elsewhere that we should completely restrict the use of the authorisation object ACO_SUPER in the AS and mainly grant access using the ACL's. Is this a good approach to take?
All help greatly appreciated.
Regards,
Colin
Hi Colin,
You might find the discussion below useful. I have explained my opinion why ACO_SUPER should not be used, but feel free to get back if any questions.
http://scn.sap.com/thread/3452522
Regards,
Lashan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
The ACL's are located in authorization tab of the object (i.e. portfolio, item, project, etc). In the portfolio management area it is under the miscellaneous tab of the object (assuming you using the standard UI). In the project you will find the authorization tab at the project definition level as well as for all project elements such as phases and tasks.
So there is no "admin console" per se, the administrator (user with "admin" ACL authorization) of each object will manage the authorization. Generally, using a combination of inheritance (from Portfolio to Bucket to Item AND Project to project elements) and DFM (Portfolio Item to/from Project), you would set things up such that manually editing of ACL's are done by exception only when you want to override inherited or synchronized authorization.
Thanks again Lashan,
That's spot on. One last questions for you: in order to restrict access to the main tabs in the NWBC screens (Portfolio Management, My Portfolio Objects etc.), do we just need to copy the SAP std role SAP_BPR_PPM and remove the WebDynpros we are trying to restrict by?
Regards,
Colin
User | Count |
---|---|
12 | |
7 | |
3 | |
2 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.