How access restrictions work in a Project in SAP C...
Technology Blogs by SAP
Learn how to extend and personalize SAP applications. Follow the SAP technology blog for insights into SAP BTP, ABAP, SAP Analytics Cloud, SAP HANA, and more.
What is this newly introduced option called Access Level
What happens to existing Projects with this change
How can you use it
so let's get started.
you may also want to watch the video
Before you proceed please ensure you are familiar with the difference between Project roles and authorization roles. If not please read this Blog Post
or watch this video
What is the access level?
Access level in a Project is a newly introduced option that is offered during Project creation with three values
Public
This option should be used if a Project lead wants the editing rights of artifacts in the Project to be open to all tenant users as long as they have a Project Member or higher authorization. This means the Project lead does not need to explicitly assign people to the Project and give them a Project role. As long as someone has the proper authorization role, he or she can freely edit things in a Project even if this person is not assigned to any Team or any Project role within the Project
Restricted
In case the Project lead wants to control the editing of artifacts of a Project but make them easily available to all the different tenant users, this option should be used. This means only the persons explicitly assigned to a Project and having a Project role can edit the artifacts of the Project but all other tenant users can view the artifacts in the Project as long as they have a Project viewer authorization role or higher
Note: You can end up losing editing rights if you remove yourself from the Project and set access level to Restricted . So Please ensure you remain as Project Lead or Project member in that specific Project before you perform this change.
Private
This option should be used in case the Project deals with sensitive information and even the name of the Project is confidential. The display and edit access of the Project will be limited to only the users which are explicitly assigned to at least one Team in a Project in a Project role
Note: You can end up losing viewing and editing rights if you remove yourself from the Project and set it to Private. You can infact lock yourself out. So Please ensure you remain as Project Lead or at least a Project member in that specific Project before you perform this change.
What happens to existing Projects
Existing projects will be set to access level Public. Please ensure this is correct or change the access level as per your needs
What happens to newly created Projects
Newly created Projects get the access level Restricted by default. This can be easily changed anytime.
How to use Access Level
A Project lead needs to decide what kind of information is in a Project. As an example, you can use the below hints
If the Project needs wide collaboration with an organization - Set to Public
If the Project needs to be controlled edit but transparency for reading information - Set to Restricted
If the Project information is sensitive or valid only for a controlled group - Set to Private
Is there any fine Print
You need to understand that if a Project is set to Private, it will not appear in search results for nonproject members. In case you have a Deployment Plan which is assigned to a Private Project,
For a person who has access to Project, the Deployment Plan will look like
But if the logged-in person is not assigned to the Private Project the name of the Project will not appear in the assigned Projects section and will appear anonymized
Also, you need to be careful when making a Project Restricted or Private as you may lose editing rights
You also need to be aware that a Project Administrator can still access information for a Private Project
Is there more detailed information
This is the most detailed matrix to understand
How to read this matrix
First of all, you need to understand that when you assign anyone as Project Lead in a Project ie give him the Project role "Project Lead", he also gets the authorization role "Project Lead". When you give a Project role such as Business Expert or Analytics Expert, he gets a "Project Member" authorization role. So it's important to know this mapping
so at the end of the day, any project member is assigned as a Project Lead or Not as a Project lead
And now let's focus on one row of this matrix
So let's assume Business Expert Betty working in Project A ( Project role: Business Process Expert, Authorisation role: Project member in Project A ) looking a Project B where is she is not assigned. In this case Project B is set to Restricted. Since Betty is having a Project member authorization
the relevant record is
so Betty will be able to Display Project B and its artifacts and not edit them