on 2019 May 05 4:54 PM
Hello Experts,
I have basic query, I am aware that this question have been raised multiple times, but still I am confused. Please assist.
My requirement is basic and clear.
We have 2 portfolio's and one central IT team to provide access to user's
Portfolio A
Portfolio B
Central IT Team should have Admin Role and Authorization to provide Access to user's respective to their Portfolio
Portfolio A user's should not be able to access/open Portfolio B Item details.
Which Authorization model should be used here, As I understand Admin can maintain user's in miscellaneous tab in Portfolio which can be copied to Bucket and then to Item level.
I want bit more understanding and Roles details.
Central IT Team
Which roles should be assigned to them so that they can assign User's and authorizations
(e.g. SAP_XRPM_ADMINISTRATOR ???) I am not sure.. pls advise
User's
Which roles should be assigned to them (& which role should not) so that they can only access Items of the portfolio they are working.
( e.g SAP_BPR_PPM & SAP_XRPM_USER ???) I am not sure.. pls advise
Prerequisites
Any configuration to be done in PPM SPRO / Global settings / Switches / Item type/Portfolio to enable ACL authorization functionality??
If any other way to control this requirement, please advise, it would be really appreciable.
I believe their is no way to control authorization in PPM based on Portfolio Type, Item Type particularly like in SAP PS, we have objects to control through Project Profile. Please assist in this regard.
Regards
Gaurav
Hi Gaurav,
If you use SAP Project and Portfolio Management without the Fiori user interface, authorizations are controlled in the following ways:
ABAP authorization objects and roles: This is the standard method for controlling access to transactions and programs in an SAP ABAP system. Authorizations are combined in an authorization profile that is associated with a role. User administrators can then assign the corresponding roles via the user master record, so that the user can access the appropriate transactions for his or her tasks. An example:
Access control lists (ACL). These allow you to add another level of security by controlling authorization at object level. For example, you can control who has authorization to view a particular Portfolio or to create Item within a particular Bucket. You can do so from the Portfolio Management UI on the object’s miscellaneous à Authorizations tab page, there you can set Admin, Write, Read or Create authorization to users or to Z* Role to be assigned to particular users.
An example of implementation could be:
Central IT Team
If they IT team as SAP_ALL authorization they do not need addition
authorization, otherwise you can give them SAP_XRPM_ADMINISTRATOR, SAP_BPR_PPM and you can set
them Admin in both Portfolios
User's
Give them ZSAP_BPR_PPM (adapt the standard with the requirement) &
SAP_XRPM_USER, then create at least two Z* role to control the authorizations
based on portfolio. Assign the “ZPORTFOLIOVIEWX” to the users in the backend
and to the portfolio from the user interface.
You can adapt this draft to your requirements.
Kind regards,
Matteo
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi matteo,
Apologies for my late response!
I have few queries over here.
Query 1
There are 2 responsibility's.
1. User A - Should be able to create Item, Trigger project from PPM to PS by selecting Template.
2. User B - Should be able to View, change item created by User A but should not be able to trigger project in PS by selecting template (Create Project on Saving Checkbox). How this can be done ??
Query 2
Adding an additional field at item level, what is recommendable -
Custom Component tab (Key data - refer attached image) or adding an additional field in standard tabs like
(Basic Information, Additional Information, Financial Information)
please advise reason and benefits also?
Also advise if I add field in table (/rpm/item_d) and assign to additional information group through customization -
1. How this fields be visible in one item type and not for other item type's?
2. How F4 values in field can be added?
Regards
Gaurav Ahuja
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
3 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.