cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP CPI Access Policy - User restricted for artifact but able to modify access policy

Mugdha
Discoverer

on ‎07-03-2023 9:22 AM

0 Kudos

Hello,

I have implemented Access Policy feature and it is working fine. The user is restricted to edit/download etc iflows mentioned in Access Policy.

But the issue is that user is able to Modify Access Policy itself. So ideally this query more towards the role collection given to user which needs to take a look at.

Any suggestions on which role collection (We are on CF) could be removed/not given to this user such that he still able to develop test etc in tenant but does not have edit access for Access Policy

Thank you so much for your valuable inputs on this!!

Thanks

Mugdha

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (4)

Answers (4)

Sriprasadsbhat
Active Contributor
‎07-03-2023 12:25 PM
0 Kudos

Hello Mugda,

Access policy related roles are by default part of role collection IntegrationAdministrator .If developer has this admin role then he will be able to by default sit access policy.You need to create custom role collection and them provide only required roles(like accessPolicy)

Regards,

Sri

Show replies
Show replies
Sriprasadsbhat
Active Contributor
‎07-03-2023 10:33 AM
0 Kudos

Hello Mughda,

You will not be able to achieve this with different role collections provided by SAP.You can create custom role collection and make sure you will provide below mentioned roles to only required users.

Regards,

Sriprasad Shivaram Bhat

Show replies
Show replies
Mugdha
Discoverer
‎07-03-2023 12:01 PM
0 Kudos

Hi Sripad,

The user who is restricted, does not have any of this roles/collection as in your screenshot. So I am looking for role/roles this user should not have which enables him/her to edit Access Policy. Do you have any further to suggest?

Thanks for your response.

Mugdha

Karunaharan
Product and Topic Expert
Product and Topic Expert
‎07-03-2023 9:57 AM
0 Kudos

Hi Mugdha,

Only a "tenant administrator" persona can manage access policies. From what you say, the other user might also have the admin role. Please remove the admin role for that user.

Hope this helps.

- Karuna

Show replies
Show replies
Mugdha
Discoverer
‎07-05-2023 2:12 PM
0 Kudos

Hello,

The user does not have tenant admin role. Rather has only Integration Developer, Business Expert, Connectivity and Destination Adminstration,sub account viewer roles assigned

Any other thought?

Mugdha

Rajhans
Discoverer
‎07-03-2023 9:46 AM
0 Kudos

Hi Mugdha,

You could try providing specific role templates such as WorkspacePackagesEdit.

Please refer below link for complete list of the role templates for Cloud Foundry:
https://help.sap.com/docs/cloud-integration/sap-cloud-integration/tasks-and-permissions?locale=en-US

Show replies
Show replies
Ask a Question