cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Does ACM work with SAP GUI and should Auth-object 'PLM_TRUSR' assigned ?

Go to solution
Former Member

on ‎09-14-2015 7:37 AM

0 Kudos

Hi Experts

I'm testing ACM on PLM WUI and SAP GUI.  But I'm not sure whether I should put auth-object PLM_TRUSR in PFCG role or not.


Below is my testing scenario.


I create an owning context 'TEST_CONTEXT' and assign two users ACC.USER/ ACC.USER2 with role 'ZPLM_ACC_USER'.

Scenario 1:

In role 'ZPLM_ACC_USER', 'PLM_DIR' is assigned in auth-object PLM_TRUSR

User ACC.USER who is assigned to ACC 'TEST_CONTEXT' can create a document with owning context 'TEST_CONTEXT'

User ACC.USER2 who is assigned to ACC 'TEST_CONTEXT'  can display this document

User ACC.USER3 who is not assigned to ACC 'TEST_CONTEXT' can not display this document on PLM WUI, but he can display it on SAP GUI

Scenario 2:

In role 'ZPLM_ACC_USER', 'PLM_DIR' is not assigned in auth-object PLM_TRUSR


User ACC.USER who is assigned to ACC 'TEST_CONTEXT' can not create document with this owing context, and he can not create document on SAP GUI.

User ACC.USER can not display the document which he created in last scenario

In scenario 1, it seems ACM only controls object with WUI but not with GUI. And in scenario 2, it seems auth-object PLM_TRUSR of document is a must if I want to use ACM. 

This is a related discussion which describes the same issue but it's not closed.

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎01-14-2016 7:51 AM
0 Kudos

Implement SAP note 2182632 - Unable to Display Documents from CV03N transaction despite the user having the right ACC assigned

Show replies
Show replies

Answers (2)

Answers (2)

Dudi
Explorer
‎09-22-2015 1:51 PM
0 Kudos

Hi Jimmy,

1) if you want to use ACM for documents (in PLM7 and in SAPGUI) you must turn on "use acm" in customizing for the relevant document types. Documents of other document types should not be assigned to contexts!

2) The "trusted user"-authorization object is only relevant when a user tries to access a document that does not belong to any contexts. Users with "trusted user" can access such documents (if their standard authorizations allow). Users without "trusted user" cannot access such documents, they can only access documents which belong to context (and of course this context must grant the authorizations).

3) I am unsure as to how far ACM-control will work in EasyDM or in CDESK / CAD.

Hope this helps...?

Cheers,

Thomas

Show replies
Show replies
Former Member
‎09-22-2015 2:03 PM
0 Kudos

Hi Thomas

1) if you want to use ACM for documents (in PLM7 and in SAPGUI) you must turn on "use acm" in customizing for the relevant document types. Documents of other document types should not be assigned to contexts!

The document type is marked 'USA ACM' or I can't assign ACC to the testing documents.



2) The "trusted user"-authorization object is only relevant when a user tries to access a document that does not belong to any contexts. Users with "trusted user" can access such documents (if their standard authorizations allow). Users without "trusted user" cannot access such documents, they can only access documents which belong to context (and of course this context must grant the authorizations).

My user have the needed R/3 authorizations to created documents and he is assigned to an ACC allow him to create/change/display documents. If the user is not a trusted user he will come up with this error.

http://scn.sap.com/servlet/JiveServlet/downloadImage/2-16234013-791165/627-400/ACC.USER+can+not+crea...

It will help if you can get a sight of my system.

Best Regards

Jimmy

amarnath_singanamala2
Participant
‎09-14-2015 4:31 PM
0 Kudos

Hi Jimmy,

The auth-object 'PLM_TRUSR' will make the 'Owning context' field on the PLM Web UI of any object mandatory, so it forces the user to enter that field.




User ACC.USER3 who is not assigned to ACC 'TEST_CONTEXT' can not display this document on PLM WUI, but he can display it on SAP GUI

ACC 'TEST_CONTEXT' is not assigned to USER3 so he will not be able to display, but he can display it on ECC (SAP back-end) because ACC is not implemented in the SAP back-end.

However there is a way to do that, please follow the below link (Note: this might be licensed, you can check with your SAP AE).

Access Control Management - Downport to SAP GUI for Document

Thanks,

Amar

Show replies
Show replies
Former Member
‎09-16-2015 9:37 AM
0 Kudos

Hi Amar

I agree with you that without the auth-object 'PLM_TRUSR' will make the 'Owning Context' field on PLM Web UI mandatory. But once I have removed 'PLM_TRUSR' from testing role, I cannot create document on Web UI any more. It gives me messages 'Document type * not defined' 'Document of type is not relevant to PLM'.

During my testing, I found that ACC can be input in EDMS as well as CDESK when creating a document. I think that means ACM is also supported in the SAP GUI and EDMS besides Web UI.

Regards

Jimmy

Former Member
‎09-17-2015 1:30 PM
0 Kudos

Hi,

Please check the below auth in GUI.

Authorization Object C_DRAW_TCD (Activities for Documents)

Authorization Object C_DRAW_TCS (Status Dependent Authorization)

Authorization Object C_DRAW_STA (Document Status)

Authorization Objects in DMS - Product Lifecycle Management - SCN Wiki

Rgds,

Nayeem.

Former Member
‎09-18-2015 3:27 AM
0 Kudos

Hi Nayeem

On SAP GUI

1. My test user have R/3 authorizations to create documents(CV01N) when the document type is not marked 'USE ACM' in customizing.

2. Once this document type is marked 'USE ACM', the test user can no longer create documents of this document type. The error message is 'You are not authorized to create document with type HRT. Message No. /PLMI/CV001'.

3. Then I add auth-object 'PLM_TRUSR', once again the test user is able to create the document of this type.

I assume that this is a sign which tells me ACM has some effects on documents on SAP GUI.

Regards

Jimmy

Ask a Question