Manage Access Policy | Restrict users to edit iFlow in shared CPI env.
We now have an access policy which will only allow authorized users to edit, download, deploy or delete iFlows. This will help in keeping the CPI environment safe from accidental edit/delete of iFlow from unauthorized users.
Below are the steps to give access to a particular user to edit/deploy/download/delete the iFlow, all other users can only view the iFlow and wont be able to perform any other action.
Go to CPI > Monitor > Access Policies
Create new access policy.
Give name and description.
Click on the newly created access policy and press the + button to create artifacts reference.
Give name, description, artifact type and name of the iFlow which we want to restrict for other users.
All the following steps will be performed in SAP cockpit, the user should have admin access to perform below activities..
Go to the CPI instance where the access policies needs to be applied.
Click on Application > Subscription > we want to click on the one with tmn in the end
Click on Roles,
Click on new Role, and give the name of the role which we created in CPI.
Now in the assign we can add the SAP ID of all the developers which we want access for the iFlow.
Once this user is assigned to the role, no other user will be able to access.
I will login with different user and try to edit the iFlow.
So, with this authorization in place, we can control who can work on your iFlow, and we can avoid situations where other teams/developer has modified your iFlow or deleted it.
Is the created access policy assigned to iflow or the package ?
Its for iFlow.
Can we create access policy for complete Package rather than I-Flow
Right now its iFlow, however I hope SAP will bring on package level soon, as its going to take lot of time to keep adding each iFlow in access policy.
Just got to know from SAP. Access policy is not enabled at package level yet. May be in the future updates it will be available.
Will the access policy work if user is provided Integration Developer role along with custom role?
We don't need to give any custom role to developer, as an administrator we need to add his/her sap id to the newly created custom role. The one who is adding this user id to custom role needs to have admin access.