Background documentationAuthorizations Using Access Control

 

In project-based businesses, most projects involve people fulfilling diverse and multiple roles. Each role is responsible for specific tasks, and sometimes it may also be necessary to regulate access to sensitive data based on an individual's role and tasks. For example, the task of a cost estimator may be to estimate the cost during the bid phase of a project whereas tasks of a project manager may also include project reporting and forecasting and keeping track of project or organizational KPIs during project execution. An enhanced control mechanism is needed to define what information people in these roles can access and act upon.

Different applications in SAP Commercial Project Management provide functions that cater to different roles in a master project. To simplify the enforcement of restrictions provided by system-level PFCG roles and project-specific roles, a new framework is available to enable project managers to decide application-level control for access to data and functions, based on an individual’s role in a master project.

Process

To setup a robust access control for your project environment and your organization, the following are important steps:

  1. Evaluate and understand the access control requirements for your organization.

    Before setting up access control, understand the tasks of each role with regard to the various functions in SAP Commercial Project Management. A comprehensive list of standard access control IDs are available. Consider the tasks of each role with the access control IDs that are provided in Customizing for SAP Commercial Project Management, under Start of the navigation path Master Data Next navigation step Master Project Next navigation step Define Access Control End of the navigation path. To know the significance of each access control ID, see Configuration of Access Control.

  2. Configure access control.

    After mapping the tasks of typical roles with available access control IDs, proceed with setting up access control groups using relevant Customizing activities. This is usually the task of a system administrator.

    The activities to set up access control are:

    • Creation of project roles and role profiles

    • Creation of access control groups according to project roles

    • Assignment of PFCG roles to users, including the optional assignment of the authorization object to override access control

    • Activation of access control for master projects

    For more information about each activity, see Configuration of Access Control.

  3. Assign responsibilities to team members.

    After setting up access control, a project manager can use the master project team to manage day-to-day execution of projects and control access to business objects and financial plans. To know more about using access control in project teams, see Authorizations Using Project Workspace Roles.

    For more information about using master project teams, see Teams and Roles.