Authorizations and Access Control Context (PLM-WUI-APP-ACC)
You can use this component of the PLM Web User Interface (PLM Web UI) to control a user's access to business objects in addition to using the authorizations granted by SAP ERP Central Component (SAP ECC). For more information, see Determination of Object Access.
The access authorization concept of this component supports business use cases where a user freely navigates in the SAP PLM system. The users’ access authorizations determine the objects that they can find and work with. These scenarios can occur when employees of different subsidiaries are working in the same SAP PLM system. Examples are external employees who share the same office with internal employees (in an integrated external design team), or trusted external parties (for example, a supplier or an engineering service provider) who access the SAP PLM system using the internet.
Collaboration within the intranet of a company
Due to globalization, more and more companies work with subsidiaries or with engineers who are employed by other companies. In some cases the external engineers work in the same office as the internal employees and access data through the company’s intranet. This is also true when subsidiaries are connected to the company’s data through a virtual private network (VPN). Even when only internal employees are working with an SAP PLM system, they should not have access to all data in the system. For example, an automotive company segregates data that is solely relevant for the Formula One department from internal employees who have no Formula One-related tasks. Moreover, business objects in a system (like a material) can be the responsibility of a certain team, project or department. If a user wants to change a specific material, the system checks whether the material belongs to the user’s area of responsibility. If not, the system prevents the user from changing the material.
In all cases, both the internal and external engineers need access to the information that is necessary for their work. However, to protect intellectual property, they should not have access to information that is not relevant for their work. Protection of intellectual property applies in particular to external employees and to employees of subsidiaries that have a lower level of trustworthiness. We provide a solution for this requirement with this component.
Collaboration with business partners accessing data from the extranet
In other cases, the external engineers work in remote locations and use the internet to access data. The same considerations regarding data security apply as above, but in addition the level of trust determines what type of software solution we recommend for collaboration with external parties.
When the level of trust is low, it makes sense that external parties access only copies of the original objects, as these external parties should not be able to access the company’s intranet. The copies reside in a different system from the originals, which are stored in the SAP PLM back-end system. We offer Collaboration Folders (cFolders) to support this approach. For more information, see Design Collaboration with cFolders. Replicating the relevant data from one system to a collaboration system and reconciling the collaboration data back into the original system require significant effort. This effort is only justified by the low level of trust. Therefore, when the level of trust is high and the data volume is high, the alternative method is preferable: direct controlled access to the original data in the SAP PLM system.
Direct controlled access to the original data in the SAP PLM system (but only to data that is relevant for the actual work) is the recommended approach when collaborating with trusted external parties. We provide a solution for this requirement with this component.
This component has the following features:
It allows you to administer access authorizations. For more information, see Access Control Management (ACM).
It influences your work with the PLM Web UI. For more information, see Impact of ACM on the Work with PLM Web UI.