Access Control Lists in BCV

You use this function to assign authorization to perform specific activities on objects in Business Context Viewer (BCV) to users, user groups, roles, or organizational units. An advantage of using access control lists (ACL ) is that they provide a flexible authorization framework. There is no need for a central administrator to grant and deny authorizations, users can do this themselves.

In BCV, you can use access control lists on their own, or in combination with authorization objects. For more information, see Authorization Concept in Business Context Viewer (BCV).

Features

Activities Included in ACLs

An ACL contains the following activities:

Activity/ Authorization	Description
Display	The system checks this activity when the user displays a BCV object.
Maintain	The system checks this activity when the user creates, changes, or deletes a BCV object.
Execute	The system checks this activity when the user executes a BCV object is executed.
Administer	The system checks this activity when the user displays, changes, or deletes an ACL. The activity Administer includes the activities Display, Maintain, Execute.
None	This activity withdraws all rights from an authorization holder.

Hierarchy of Activities

The activities of an ACL are arranged in the following hierarchical order:

Display
The authorization to display a BCV object does not include any other authorizations.
Maintain
The authorization to maintain a BCV object includes the authorization to display the BCV object.
Execute
The authorization to execute a BCV object does not include any other authorizations.
Administer
The authorization to administer BCV objects includes the authorization to display, maintain, and execute these objects. This means that a user who has the Administer authorization is allowed to display the BCV object, maintain its settings, and execute it. Furthermore, the Administer authorization enables an authorization holder to maintain ACL authorizations for a BCV object (for example, maintain the display authorization for user xyz for query view a).
None
The None authorization does not include any other authorizations. None excludes all other activities within an ACL. You use this authorization to withdraw authorizations for a BCV object from an authorization holder.

Activities

To create, display, maintain, or delete ACLs for a query view or dashboard, in the configuration center open a query view or a dashboard, choose Edit and on the Authorization tab page, edit, add, or delete authorization holders.

You can display access control lists (ACLs) in which a user group is used as authorization holder. This is useful if you want to delete a user group but cannot, because it is still used as authorization holder in ACLs. For more information, see Where-Used List of User Groups in Access Control List (ACL).