Authorizations in Project Management
Authorizations ensure that only authorized persons can see or process a project or parts of a project.
In Project Management, there are two different types of authorizations:
General authorizations
Your system administrator creates these authorizations in the authorization profiles in the user master record.
Project-specific authorizations
You issue these authorizations to the project participants for individual objects.
The system administrator has created users, roles, and organizational units.
The system administrator has created default authorizations for roles in Customizing for Project Management by choosing .
You have created user groups as required.
These authorizations safeguard the following functions:
Creating projects
Creating, changing, displaying, and deleting project templates, checklist templates, and control plan templates
Every Project Management user has the authorization to execute these functions.
These authorizations safeguard access to or the processing of specific projects or project elements. They can be displayed on the Authorizations tab page within the Structure view of a project.
Project-specific authorizations are granted in the following ways:
When you create a project, you are automatically granted administration authorization for this project.
During resource management, the resources assigned to a project or project element are automatically granted the relevant authorizations (see Authorizations During Role or Resource Assignment).
Authorizations specific to a project element are inherited by lower-level project elements. On the Authorizations tab page of the project element, you can recognize them by the entry in the Inherited from column.
Any user with administration authorization for a project or project element can add further authorization holders or change existing authorizations for these project elements (see Assigning Authorizations).
Caution
The authorizations that have specifically been granted to an authorization holder take priority over the authorizations that have been inherited by this authorization holder. However, if a project participant has different authorizations acquired through different authorization holders, an inherited authorization can also take priority over the others (see section "Prioritizing Authorizations").
The following authorization holders are available:
Individual users
User groups
Organizational units
Roles (single or composite roles)
Note
Here you can also enter authorization holders to whom no roles are assigned.
The so-called order of authorization holders represents a prioritization of authorizations. This is important if a user has acquired a number of different authorizations for an object through different authorization holders. Individual users carry more weight than user groups and user groups carry more weight than roles. If, for example, a single user has write authorization for a task and acquires read authorization for the same task through a user group, the authorization of the single user applies, in this case, write.
Prioritization also applies to inherited authorizations. For example, an authorization inherited by a user carries more weight than the authorization for a project element assigned to a user by means of a user group.
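The following Python sketch is an added example, not SAP code: it models the prioritization described above so that the effective authorization of a participant can be worked out when reviewing a project's Authorizations tab. The element names, users, and groups are constructed; organizational units are left out because the page does not state their rank, and the handling of several equal-rank holders on one element is an assumption.

```python
from enum import IntEnum

class Auth(IntEnum):
    NONE = 0    # "No authorization": explicit withdrawal
    READ = 1
    WRITE = 2   # includes read
    ADMIN = 3   # includes read and write

# Holder order as stated on the page: individual user > user group > role.
HOLDER_ORDER = ("user", "group", "role")

def effective_auth(element, user, groups, roles, parent, grants):
    """Return (Auth, holder_type, granted_on) or None when no grant applies.

    parent: element -> superior element (None for the project definition)
    grants: (element, holder_type, holder_name) -> Auth
    """
    names = {"user": {user}, "group": set(groups), "role": set(roles)}
    for htype in HOLDER_ORDER:            # holder type is decided first
        node = element
        while node is not None:           # own grant before inherited ones
            found = [grants[(node, htype, n)] for n in names[htype]
                     if (node, htype, n) in grants]
            if found:
                # Assumption: equal-rank holders on one element -> most restrictive.
                return min(found), htype, node
            node = parent[node]
    return None

# Constructed sample project: project -> phase1 -> task1
PARENT = {"task1": "phase1", "phase1": "project", "project": None}
GRANTS = {
    ("task1", "user", "carol"): Auth.WRITE,      # page's example: user write ...
    ("task1", "group", "reviewers"): Auth.READ,  # ... versus group read
    ("project", "user", "alice"): Auth.READ,     # inherited user grant ...
    ("task1", "group", "qa"): Auth.WRITE,        # ... versus direct group grant
    ("project", "user", "bob"): Auth.ADMIN,
    ("task1", "user", "bob"): Auth.NONE,         # withdrawal below an admin grant
}

if __name__ == "__main__":
    for user, groups in [("carol", {"reviewers"}), ("alice", {"qa"}), ("bob", set())]:
        level, via, src = effective_auth("task1", user, groups, set(), PARENT, GRANTS)
        print(f"{user}: {level.name} via {via} grant on {src}")
```

The alice case is the one to watch for in a review: her read authorization inherited from the project definition outranks the write authorization her user group holds directly on the task.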
The following project-specific authorizations are available:
No authorization
This authorization withdraws all authorizations for an object from a user, even if he or she has the authorization for a superior object.
Admin
You receive this authorization automatically from the system when you create a project. You can use this authorization to perform the following activities:
Change all the data in a project element or document
Delete project elements
Create additional project elements
Grant authorizations to other project participants
Plan the schedule for project elements
Initiate the approval of a phase
This authorization includes the read and write authorizations.
Write
You receive this authorization automatically from the system if you were entered as the person responsible for or the processor of a project element. You can use this authorization for all the activities you have to perform as the person responsible for or the processor of a project element or document:
Enter actual values for a task or checklist item.
These are:
Checklist item: Actual finish, result, detection, severity, occurrence, status
Task: Actual start, actual finish, confirmation, degree of processing, status
Change the status of a checklist.
Create, edit, and delete collaborations, object links, and control plans for a project element.
Create, edit, and delete documents for a project element.
Note
If you want to delete the project element, you require write authorization for the superior project element and administrative authorization for the document itself.
Set manual threshold value violations
Grant the individual approval of a phase
You cannot perform the following activities with this authorization:
Create and delete project elements
Change authorizations
Plan dates
Begin, cancel, or grant approvals
Create relationships for tasks
Change the status of the project definition or phase
Release or cancel a task
Release a checklist or checklist item
The authorization includes read authorization.
Read
This authorization enables you to display all data for the project element or document.
In addition to admin, write, or read, you can grant the following authorizations for the project definition:
Evaluate
This authorization enables you to perform evaluations for the project. When you perform the evaluation, the system checks for each displayed object whether the project participant has at least read authorization.
Resource management
This authorization enables you to find and assign resources in a project.
Accounting
If you already have admin authorization, you can carry out costing and display data from accounting with this authorization.
Staffing manager
If you are a staffing manager, the system displays all roles with the staffing type Resource Manager via Authorization, and these are staffed by resources in the worklist of the external resource management application.
Candidate manager
If you are a candidate manager, the system displays all roles with the staffing type Resource Manager via Authorization, and these are staffed by candidates in the worklist of the external resource management application.