In this blog post I would like to give SAP PLM functional consultants an overview of the Access Control Management functionality in SAP Product Lifecycle Management (SAP PLM) in S/4 HANA.
Access Control Management:
Access control management (ACM) is used to control the actions (Create/Change/Display) available to a user in SAP Product Lifecycle Management (SAP PLM) by controlling access to business objects (Recipe, Specification, BoM, etc.).
Access control contexts (ACC) provide an access-controlling mechanism based on context roles.
In SAP S/4 HANA 1709 FPS01 the access control context was re-introduced for the PLM objects. The following objects were made available for ACC in S/4 HANA PLM 1709 FPS02, and material BOM was added to the list in 1809.
Currently the ACC context can be assigned to the following PLM objects:
- Material BOM.
The ACC is used in PLM to control access for users by assigning them to a context. It provides an extra layer of authorization on top of the authorizations a user has from PFCG roles.
Administrators of a context assign specific activities for business objects to users, for example, create documents or change materials. The activities are bundled in context roles. Only users assigned to the appropriate context roles can perform the activities specified for the business objects.
The following settings should be maintained in the system to use ACM for PLM objects.
1. SPRO-> Product Lifecycle Management (PLM)->PLM Web User Interface->Web Applications->PLM Authorizations and Access Control Context->Specify Object Types for Access Authorization Check
The following object types are specified in the standard system:
- Access Control Context (PLM_ACC)
- Material BOM (PLM_BOMMAT)
- Document (PLM_DIR)
- Material (PLM_MAT)
2. SPRO-> Product Lifecycle Management (PLM)->PLM Web User Interface->Web Applications->PLM Authorizations and Access Control Context->Specify Roles for Access Authorization Check
3. Context Type
The context type determines the purpose and use of a context.
- Root context
Its purpose is to pass authorizations down to the whole context hierarchy, which inherits them. This context is the only context that does not have a parent context. During system setup, you create a root context by running a program:
Logistics – General -> Product Lifecycle Management (PLM) -> PLM Web User Interface -> PLM Web Applications -> PLM Authorizations and Access Control Context ->Create a Root Access Control Context
- Standard context
A context type that owns all its objects. This context has a parent context.
- Compound context
A special context that not only owns objects but also allows objects to be assigned to it without the objects belonging to it. This context has a parent context.
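The sketch below is an added example, not SAP code or the real ACC data model: a conceptual Python model of how the three context types and the PFCG layer combine into one access decision. The class and function names are hypothetical, and it assumes that a context role granted in a parent context applies to its child contexts and that an object assigned to a compound context is reachable through that context's roles.

```python
# Conceptual model only: not SAP code; all names here are hypothetical.
from dataclasses import dataclass, field

@dataclass
class Context:
    name: str
    ctype: str                        # "root", "standard" or "compound"
    parent: "Context | None" = None
    grants: dict = field(default_factory=dict)  # user -> {(object type, activity)}

    def __post_init__(self):
        if (self.ctype == "root") != (self.parent is None):
            raise ValueError(f"{self.name}: only the root context has no parent")

@dataclass
class PlmObject:
    obj_type: str                     # e.g. "PLM_DIR" or "PLM_MAT"
    owner: Context                    # the context the object belongs to
    assigned: list = field(default_factory=list)

    def assign(self, ctx):
        if ctx.ctype != "compound":
            raise ValueError("only a compound context accepts objects it does not own")
        self.assigned.append(ctx)

def context_allows(user, obj, activity):
    # Start at the owning and assigned contexts, then walk up to the root:
    # authorizations granted higher up are inherited down the hierarchy.
    for ctx in [obj.owner, *obj.assigned]:
        while ctx is not None:
            if (obj.obj_type, activity) in ctx.grants.get(user, set()):
                return True
            ctx = ctx.parent
    return False

def is_allowed(user, obj, activity, pfcg):
    # ACC is an extra layer: the PFCG check and the context check must both pass.
    has_pfcg = (obj.obj_type, activity) in pfcg.get(user, set())
    return has_pfcg and context_allows(user, obj, activity)

def demo():
    # Constructed sample hierarchy and users, not taken from a real system.
    root = Context("ROOT", "root", grants={"admin": {("PLM_DIR", "change")}})
    plant = Context("PLANT_A", "standard", root, {"alice": {("PLM_DIR", "display")}})
    proj = Context("PROJECT_X", "compound", root, {"bob": {("PLM_DIR", "display")}})
    doc = PlmObject("PLM_DIR", plant)
    doc.assign(proj)
    cases = [("admin", "change"), ("alice", "display"), ("bob", "display"), ("carol", "display")]
    pfcg = {user: {("PLM_DIR", activity)} for user, activity in cases}
    return {user: is_allowed(user, doc, activity, pfcg) for user, activity in cases}
print(demo())
```

In the constructed data, carol holds the PFCG authorization but no context role, so she is the only user refused.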
If we make any changes to the ACC roles, the following jobs should be run to update the system.
Hope this blog post helps in understanding the ACM functionality in SAP PLM.