on 09-14-2015 7:37 AM
Hi Experts
I'm testing ACM on PLM WUI and SAP GUI. But I'm not sure whether I should put auth-object PLM_TRUSR in PFCG role or not.
Below is my testing scenario.
I create an owning context 'TEST_CONTEXT' and assign two users ACC.USER/ ACC.USER2 with role 'ZPLM_ACC_USER'.
Scenario 1:
In role 'ZPLM_ACC_USER', 'PLM_DIR' is assigned in auth-object PLM_TRUSR
User ACC.USER who is assigned to ACC 'TEST_CONTEXT' can create a document with owning context 'TEST_CONTEXT'
User ACC.USER2 who is assigned to ACC 'TEST_CONTEXT' can display this document
User ACC.USER3 who is not assigned to ACC 'TEST_CONTEXT' can not display this document on PLM WUI, but he can display it on SAP GUI
Scenario 2:
In role 'ZPLM_ACC_USER', 'PLM_DIR' is not assigned in auth-object PLM_TRUSR
User ACC.USER who is assigned to ACC 'TEST_CONTEXT' can not create document with this owing context, and he can not create document on SAP GUI.
User ACC.USER can not display the document which he created in last scenario
In scenario 1, it seems ACM only controls object with WUI but not with GUI. And in scenario 2, it seems auth-object PLM_TRUSR of document is a must if I want to use ACM.
This is a related discussion which describes the same issue but it's not closed.
Implement SAP note 2182632 - Unable to Display Documents from CV03N transaction despite the user having the right ACC assigned
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Jimmy,
1) if you want to use ACM for documents (in PLM7 and in SAPGUI) you must turn on "use acm" in customizing for the relevant document types. Documents of other document types should not be assigned to contexts!
2) The "trusted user"-authorization object is only relevant when a user tries to access a document that does not belong to any contexts. Users with "trusted user" can access such documents (if their standard authorizations allow). Users without "trusted user" cannot access such documents, they can only access documents which belong to context (and of course this context must grant the authorizations).
3) I am unsure as to how far ACM-control will work in EasyDM or in CDESK / CAD.
Hope this helps...?
Cheers,
Thomas
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Thomas
1) if you want to use ACM for documents (in PLM7 and in SAPGUI) you must turn on "use acm" in customizing for the relevant document types. Documents of other document types should not be assigned to contexts!
The document type is marked 'USA ACM' or I can't assign ACC to the testing documents.
2) The "trusted user"-authorization object is only relevant when a user tries to access a document that does not belong to any contexts. Users with "trusted user" can access such documents (if their standard authorizations allow). Users without "trusted user" cannot access such documents, they can only access documents which belong to context (and of course this context must grant the authorizations).
My user have the needed R/3 authorizations to created documents and he is assigned to an ACC allow him to create/change/display documents. If the user is not a trusted user he will come up with this error.
It will help if you can get a sight of my system.
Best Regards
Jimmy
Hi Jimmy,
The auth-object 'PLM_TRUSR' will make the 'Owning context' field on the PLM Web UI of any object mandatory, so it forces the user to enter that field.
User ACC.USER3 who is not assigned to ACC 'TEST_CONTEXT' can not display this document on PLM WUI, but he can display it on SAP GUI
ACC 'TEST_CONTEXT' is not assigned to USER3 so he will not be able to display, but he can display it on ECC (SAP back-end) because ACC is not implemented in the SAP back-end.
However there is a way to do that, please follow the below link (Note: this might be licensed, you can check with your SAP AE).
Access Control Management - Downport to SAP GUI for Document
Thanks,
Amar
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Amar
I agree with you that without the auth-object 'PLM_TRUSR' will make the 'Owning Context' field on PLM Web UI mandatory. But once I have removed 'PLM_TRUSR' from testing role, I cannot create document on Web UI any more. It gives me messages 'Document type * not defined' 'Document of type is not relevant to PLM'.
During my testing, I found that ACC can be input in EDMS as well as CDESK when creating a document. I think that means ACM is also supported in the SAP GUI and EDMS besides Web UI.
Regards
Jimmy
Hi,
Please check the below auth in GUI.
Authorization Object C_DRAW_TCD (Activities for Documents)
Authorization Object C_DRAW_TCS (Status Dependent Authorization)
Authorization Object C_DRAW_STA (Document Status)
Authorization Objects in DMS - Product Lifecycle Management - SCN Wiki
Rgds,
Nayeem.
Hi Nayeem
On SAP GUI
1. My test user have R/3 authorizations to create documents(CV01N) when the document type is not marked 'USE ACM' in customizing.
2. Once this document type is marked 'USE ACM', the test user can no longer create documents of this document type. The error message is 'You are not authorized to create document with type HRT. Message No. /PLMI/CV001'.
3. Then I add auth-object 'PLM_TRUSR', once again the test user is able to create the document of this type.
I assume that this is a sign which tells me ACM has some effects on documents on SAP GUI.
Regards
Jimmy
User | Count |
---|---|
103 | |
12 | |
11 | |
6 | |
6 | |
4 | |
3 | |
3 | |
3 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.