cancel
Showing results for 
Search instead for 
Did you mean: 

ACE questions

Former Member
0 Kudos

Hi everyone. So we've implemented ace in production and are rolling out a new WebUI to our users. I have some questions.

1. As we roll out new users that haven't been ACEd yet, do I need to refresh the activation of the rights over for each new group of users? Or just update the user context and object context?

2. I've maintained the ACE parameter ACE_UCT_EXPIRATION_SECONDS and made it equal to 600 seconds, but it doesn't seem to update the user context automatically when we add new users.

3. If a BP get attached to new relationships, will ACE automatically redetermine?

I could use some help on the basic rules of maintaining and activating ACE after changes, so it doesn't interfere with the user's access while running.

Thanks,

Cathy

Modearation: Please, avoid "I need answer" statements

Edited by: Joaquin Fornas on Nov 15, 2011 8:55 AM

Accepted Solutions (1)

Accepted Solutions (1)

former_member183878
Active Participant
0 Kudos

Hi ,

I had successfully implemented ACE on CRM Production

1:As we roll out new users that haven't been ACEd yet, do I need to refresh the activation of the rights over for each new group of users? Or just update the user context and object context?

Ans: We perform ACE Right reactivation for new user we add in tcode-ACE_ACTIVATION for particular Right ID.

3. If a BP get attached to new relationships, will ACE automatically redetermine?

Ans:You have to set back ground job

u201CACE_DISPATCHERu201D Event SAP_CRM_ACE_DISPATCHER_REQUEST

Parameters 100

It depend on the logic written in method of your ACE class IF_CRM_ACE_ACTORS_FROM_OBJECT~GET_ACTORS_FROM_OBJECT

regard ,

vijay.

Former Member
0 Kudos

1. As we roll out new users that haven't been ACEd yet, do I need to refresh the activation of the rights over for each new group of users? Or just update the user context and object context?

2. I've maintained the ACE parameter ACE_UCT_EXPIRATION_SECONDS and made it equal to 600 seconds, but it doesn't seem to update the user context automatically when we add new users.

3. If a BP get attached to new relationships, will ACE automatically redetermine?

Thank you for all your answers this is the response I got from OSS.

Please note that set ACE_UCT_EXPIRATION_SECONDS=600, does not mean the

user context (Get AFU) will be automatically recalculated right after

600 seconds. After 600 seconds, calculation will only takes place after

the next user

action, for example, the authorization request for an object. So, after

600 seconds, please try to use that user logon the Web UI to trigger thecalculation, and then run the ACE_RUNTIME to check the result list.

Answers (4)

Answers (4)

Former Member
0 Kudos

Pieter, thanks for you replies.

"You mention that they are added to the object table."

I mean, I can see them added to the internal table when debugging the code.

"And what exactly do you mean with analysing the runtime data for the user?"

In config under ACE, you can analyze the runtime data, so i put in the object and user id and execute and I can see everything that they should be able to see.

Let me ask a question.

On the return we have numerous partners attached. Contact, bill-tos, etc.. Do they have to have access to all the partners via ace or only the sold to partner?

can you give you email address and I will send code to you.

Thanks,

Cathy

Former Member
0 Kudos

Cath,

Access to the partners of a business object should not be a needed, as long as the user has authorization and ACE access to the returns business objects.

I have sent you a linkedin invite in order not to have to post my email address here.

Regards,

Pieter

Former Member
0 Kudos

Oss informed me that the changes will take place when the user logs in. Not sure i agree, but have to take their word.

Everything is going pretty well, except for follow up documents. They still can't be seen. They are returns that have an object type of BUS2000120 and I've debugged tha ACE logic and can see them being added to the object table, but when I analyze the runtime date for the user, those followup documents do not appear. Any Ideas? I can post my code.

Former Member
0 Kudos

Catherine,

Feel free to post the code. I will take a look.

You mention that they are added to the object table. Do you mean the ACL database table, or an internal table?

And what exactly do you mean with analysing the runtime data for the user?

Regards,

Pieter Rijlaarsdam

Former Member
0 Kudos

Pieter,

That doesn't seem to be the case for me though. Our users are assigned to a business partner (created as a person). Then they are assigned to a rep. That rep is assigned to multiple sold tos, so ACE code I wrote says. 1. Find out BP of user. 2. Find Rep of user. 3. Find all sold tos attached to REP and that is who the user can access. But if I switch which rep the BP of user is attached to, I have to update the user and object context again for they changes to take place. Have I set up something incorrectly. If I get answers to the other 2 questions on my own, I will update you for sure.

Cathy

Former Member
0 Kudos

Dear Cath,

ACE consists of three important methods.

AFU is the Actor for User. I would suggest to determine the REP here (assuming the BP of the user is always assigned to exactly one REP). So, determine BP for User and Rep for BP in the AFU.

In the OBF (Objects by Filter) and AFO (Actor for Object), determine which REPS are to have access to the sold-to.

In theory, this should work. If you applied ACE another way, feel free to explain :-).

Another thing you should keep in mind is that when you have the OBF / AFO determine objects based on relationships, is that upon a change of the second-level object (for instance a contact person) ACE determination should also work. So, beside having determination rules from account to contact, you should also apply a rule where the contact person is related to an account that grants acces... I hope this is understandable.

Regards,

Pieter

Former Member
0 Kudos

Cath,

I am looking forward to the answer to your first two questions, and can help you with the 3rd:

> 3. If a BP get attached to new relationships, will ACE automatically redetermine?

ACE determination is triggered on a change of the businesspartner. So, if you add a relationship, both related businesspartners will be ACE-redetermined.

Regards,

Pieter