Authorizations During Role or Resource Assignment
When you assign a role or a resource to a project or project element, the corresponding users need project-specific authorization to perform their tasks. Equally, when a role or staff assignment is deleted, the related authorizations need to be deleted as well. Authorization management supports these requirements by enabling the automatic assignment and deletion of the relevant authorizations.
In Customizing for SAP Portfolio and Project Management
under , you have defined default authorizations to be granted to the users of resources assigned to a role during staffing.
You have specified how project-specific authorizations obtained through role or resource assignment are to be processed when the corresponding role or staffing is deleted. For more information, see method CHANGE_AUTH_ON_ROLSTAFF_DEL in Customizing for SAP Portfolio and Project Management
under
The following authorizations are granted automatically during role or resource assignment:
Default authorizations of the role type
These are automatically granted to the users of the resources assigned to the role during staffing (see Staffing of Roles with Resources). They are granted on project-header level and inherited by all subordinate project elements. By using this feature, you can ensure that the resources contained in the staffing of a role have at least read authorization for the project. Otherwise, they would not be able to access any project element at all, no matter which authorization they have been granted for the project element.
Write authorization for a project element
When you assign a responsible role or resource to a project element, the system automatically assigns this authorization to the users corresponding to the responsible resource or the role staffing.
Write authorization for a task
When you assign a role or a resource to a task (see Task Assignment), the system automatically grants this authorization to the users corresponding to the resource or the role staffing.
If several authorizations for a project element are granted to a user in this way, the system uses the highest authorization assigned. Note, however, that the automatically granted authorizations can be manually modified afterwards (see Assigning Authorizations).
Depending on your Customizing settings (see Prerequisites), the above authorizations are processed as follows:
In the standard system, a dialog box is displayed whenever a role or staffing is deleted. The deletion conditions are displayed in the dialog box and you can make your decision accordingly.
You have chosen to apply the same deletion condition to all roles or staff assignments throughout the system. In this case, the authorizations are deleted immediately when you delete a role or staffing.
The following deletion conditions exist:
Deleting all authorizations related to the role or staffing including those modified after they were granted
Deleting only authorizations that are still identical to those granted automatically for the role or staffing
No deletion of any authorizations
Caution
When you delete a staffing or a role, one or more of the affected resources may still be assigned to another role of the same project. In this case, even if you have chosen to delete all authorizations, the authorizations of the corresponding user are not merely deleted but adjusted to the authorizations obtained automatically through the other staffing. In cases where you have manually modified the default authorizations, this may lead to the user having more rights after the deletion than before.
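The following added example (not SAP code and not part of the original documentation) models the three deletion conditions and the case described under Caution, so that a reviewer can check whether deleting a role would leave a user with more rights than before. The level ordering including ADMIN, the condition constants, the role names and the reading of "identical" as "equal to the level granted for the deleted role" are assumptions made for this model.

```python
from enum import IntEnum

class Level(IntEnum):              # simplified ordering, assumed for this model
    NONE = 0
    READ = 1
    WRITE = 2
    ADMIN = 3

# The three deletion conditions listed on this page (constant names are hypothetical).
DELETE_ALL, DELETE_IDENTICAL, DELETE_NONE = "all", "identical", "none"

def level_after_deletion(current, auto_grants, removed_role, condition):
    """Return the user's project-level authorization after removed_role is deleted.

    current     -- level the user holds now (may have been modified manually)
    auto_grants -- {role: Level granted automatically through staffing of that role}
    """
    if condition == DELETE_NONE:
        return current
    if condition == DELETE_IDENTICAL and current != auto_grants[removed_role]:
        return current             # manually modified authorization is left untouched
    remaining = [lvl for role, lvl in auto_grants.items() if role != removed_role]
    # Not merely deleted: adjusted to what the other staffings grant automatically,
    # taking the highest level where several apply.
    return max(remaining, default=Level.NONE)

def deletion_raises_rights(current, auto_grants, removed_role, condition):
    """Review check: would deleting the role leave the user with more rights?"""
    return level_after_deletion(current, auto_grants, removed_role, condition) > current

# Constructed scenario: the user is staffed on two roles of the same project, and
# the automatically granted authorization was manually reduced to READ afterwards.
GRANTS = {"DEVELOPER": Level.WRITE, "PROJECT_LEAD": Level.ADMIN}

if __name__ == "__main__":
    for cond in (DELETE_ALL, DELETE_IDENTICAL, DELETE_NONE):
        after = level_after_deletion(Level.READ, GRANTS, "DEVELOPER", cond)
        raised = deletion_raises_rights(Level.READ, GRANTS, "DEVELOPER", cond)
        print(f"{cond:9} -> {after.name:5} raised={raised}")
```

In the constructed scenario only the "delete all" condition raises the user's rights, because the manual reduction is replaced by the default of the remaining role.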