Skip to Content
Technical Articles
Author's profile photo Yatanveer Singh

Manage Access Policy | Restrict users to edit iFlow in shared CPI env.

Hi All,

 

We now have an access policy which will only allow authorized users to edit, download, deploy or delete iFlows. This will help in keeping the CPI environment safe from accidental edit/delete of iFlow from unauthorized users.

 

Below are the steps to give access to a particular user to edit/deploy/download/delete the iFlow, all other users can only view the iFlow and wont be able to perform any other action.

 

Go to CPI > Monitor > Access Policies

 

 

 

Create new access policy.

 

 

Give name and description.

 

 

Click on the newly created access policy and press the + button to create artifacts reference.

 

Give name, description, artifact type and name of the iFlow which we want to restrict for other users.

All the following steps will be performed in SAP cockpit, the user should have admin access to perform below activities..

 

Go to the CPI instance where the access policies needs to be applied.

 

Click on Application > Subscription > we want to click on the one with tmn in the end

 

 

Click on Roles,

 

Click on new Role, and give the name of the role which we created in CPI.

 

 

Now in the assign we can add the SAP ID of all the developers which we want access for the iFlow.

 

 

Once this user is assigned to the role, no other user will be able to access.

 

I will login with different user and try to edit the iFlow.

 

So, with this authorization in place, we can control who can work on your iFlow, and we can avoid situations where other teams/developer has modified your iFlow or deleted it.

 

 

Thanks

Yatan

Assigned tags

      7 Comments
      You must be Logged on to comment or reply to a post.
      Author's profile photo R Bharti
      R Bharti

      Hello Yatanveer,

      Is the created access policy assigned to iflow or the package ?

      Author's profile photo Yatanveer Singh
      Yatanveer Singh
      Blog Post Author

      Hi Bharti,

      Its for iFlow.

      Yatan

      Author's profile photo Shameer Shaik
      Shameer Shaik

      Can we create access policy for complete Package rather than I-Flow

      Author's profile photo Yatanveer Singh
      Yatanveer Singh
      Blog Post Author

      Right now its iFlow, however I hope SAP will bring on package level soon, as its going to take lot of time to keep adding each iFlow in access policy.

      Author's profile photo Shameer Shaik
      Shameer Shaik

      Just got to know from SAP. Access policy is not enabled at package level yet. May be in the future updates it will be available.

      Author's profile photo Akash Shrivastava
      Akash Shrivastava

      Will the access policy work if user is provided Integration Developer role along with custom role?

      Author's profile photo Yatanveer Singh
      Yatanveer Singh
      Blog Post Author

      We don't need to give any custom role to developer, as an administrator we need to add his/her sap id to the newly created custom role. The one who is adding this user id to custom role needs to have admin access.