Show TOC

Managing the Access Control ListLocate this document in the navigation structure

Use

The Access Control List (ACL) defines the permissions to particular principals to execute particular business object operations.

Prerequisites
  • Open the SAP NetWeaver Administrator tool, Configuration → Security → Identity Management → Composite Application Framework Authorization Tool and choose a business object and a business rule.
  • You have opened the Access Control List tab page.
  • You have the SAP_CAF_ADMIN role assigned.
Procedure

Adding a Principal

  1. Select the principal you want to add.

    You can do this in one of the following ways:

    • By searching
      1. In the Principal Name field, enter a name.

        You can also use asterisk (*). For example, by entering*ministr* , the Administrator entry is found.

      2. Choose with the quick info text Check Entries.
      3. Select the principal from the results table.
      4. Choose OK.
    • By browsing
      1. Choose with the quick info text Browse Users.
      2. Enter a filter string for the principals.

To see all principals, enter an asterisk (* ).

  1. To see results only for a particular principal type, select it from the Principal dropdown box.
  2. Choose Search.
  3. Browse until you find the principal you want to add and select it.

You can sort the principals by type or by name.

To do this, choose the top of the relevant column.

  1. Choose OK.
  1. Choose Add Selected to ACL

    A new entry is added to the ACL.

Setting Principal Permissions

  1. From the ACL, choose the entry you want to modify.
  2. From the Permission column, select the permission you want to set.
    Tip

    To add several permissions to one principal, add two entries with the same principal to the ACL and then assign different permissions to each of them.

    You can assign the following permissions:

    Permissions Descriptions

    fullcontrol

    Full access rights (create, read, update, delete)

    read

    Access rights only for reading

    update

    Access rights for reading and updating

    create

    Access rights for creating a new instance

    delete

    Access rights for reading and removing an existing instance
  3. Choose Save Business Rules to confirm the changes made.

Removing a Principal

  1. From the Access Control List, choose the entry you want to delete.
  2. Choose with the quick info text Remove.

    The principal and permission are removed from the list.

  3. Choose Save Business Rules to confirm the changes made.