You can make all of the settings for the Access Control Engine (ACE) in Customizing.
You make the settings for ACE in Customizing for Customer Relationship Management
under .
Prerequisites
In Customizing, check the
document for information about the following prerequisites for implementing ACE:Authorization objects
You require special authorization objects for ACE administration.
Job processing
The system uses background processing to calculate the ACE authorization data. For this reason, you must plan a periodic job.
Maintain general settings
Define the ACE parameters in Customizing under
. You can use these parameters to activate ACE or control ACE background processing, for example.One of the main elements of ACE are the rules. Among other things, rules determine the objects that ACE controls and the actors for users and objects. You enter rules and their components in Customizing under
. You also edit the following objects in this Customizing activity:Actions
Action groups
Superobject types
Object types
For a detailed description of the individual elements, see the corresponding documentation.
Another main element of ACE are the rights. Rights link components of the ACE rules with user groups and action groups. Work packages used as higher-level hierarchy nodes link multiple user groups to an organizational unit of ACE. Through unique assignment of user groups to work packages, the rights that are each assigned to a user group are also implicitly assigned to the work packages.
Define the work packages, user groups, and rights in Customizing under
.For a detailed description of the individual elements, see the corresponding documentation.
To generate authorization data, you must activate the ACE rights. In doing so, actors are used to link the objects that were defined with rules to the users that were defined with user groups. An object and a user that share the same actor create a relationship. These relationships are stored in the ACE runtime tables and can be called up directly, with no further calculations necessary.
Activate a right in Customizing under
.For a detailed description of the activation process, see the corresponding documentation.
Create and Analyze Design Data
You can use this Customizing activity to view the various ACE elements mentioned above, such as rights and user groups, in a tree structure, in order to analyze them. In addition, you can edit elements and create new ones.
Analyze Runtime Data
This Customizing activity gives you a glimpse of the authorization data that is currently stored in the ACE runtime tables. You can filter by object type, right, user, action, or object, for example.
Update User- and Object Context
You can use this activity to start the context calculation for users and objects manually. Normally, the system calculates the user context periodically and the object context when the object is changed.
The context creates the ACE-internal links between objects and users using actors.