Technology Blogs by SAP
Learn how to extend and personalize SAP applications. Follow the SAP technology blog for insights into SAP BTP, ABAP, SAP Analytics Cloud, SAP HANA, and more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How access restrictions work in a Project in SAP Cloud ALM

Jagmohan_Chawla
Advisor
Advisor
‎12-15-2022 10:10 AM
 

 

In this blog post, I would like to explain

What is this newly introduced option called Access Level


What happens to existing Projects with this change


How can you use it


 

so let's get started.

you may also want to watch the video



Before you proceed please ensure you are familiar with the difference between Project roles and authorization roles. If not please read this Blog Post

or watch this video



 

What is the access level?


Access level in a Project is a newly introduced option that is offered during Project creation with three values


 

Public


This option should be used if a Project lead wants the editing rights of artifacts in the Project to be open to all tenant users as long as they have a Project Member or higher authorization. This means the Project lead does not need to explicitly assign people to the Project and give them a Project role. As long as someone has the proper authorization role, he or she can freely edit things in a Project even if this person is not assigned to any Team or any Project role within the Project

 

Restricted


In case the Project lead wants to control the editing of artifacts of a Project but make them easily available to all the different tenant users, this option should be used. This means only the persons explicitly assigned to a Project and having a Project role can edit the artifacts of the Project but all other tenant users can view the artifacts in the Project as long as they have a Project viewer authorization role or higher







Note: You can end up losing editing rights if you remove yourself from the Project and set access level to Restricted . So Please ensure you remain as Project Lead or Project member in that specific Project before you perform this change.

 

Private


This option should be used in case the Project deals with sensitive information and even the name of the Project is confidential. The display and edit access of the Project will be limited to only the users which are explicitly assigned to at least one Team in a Project in a Project role







Note: You can end up losing viewing and editing rights if you remove yourself from the Project and set it to Private. You can infact lock yourself out. So Please ensure you remain as Project Lead or at least a Project member in that specific Project before you perform this change.

 

What happens to existing Projects


Existing projects will be set to access level Public. Please ensure this is correct or change the access level as per your needs

 

What happens to newly created Projects


Newly created Projects get the access level Restricted by default. This can be easily changed anytime.

 

How to use Access Level


A Project lead needs to decide what kind of information is in a Project. As an example, you can use the below hints

  • If the Project needs wide collaboration with an organization - Set to Public

  • If the Project needs to be controlled edit but transparency for reading information - Set to Restricted

  • If the Project information is sensitive or valid only for a controlled group - Set to Private


 

Is there any fine Print


You need to understand that if a Project is set to Private, it will not appear in search results for nonproject members. In case you have a Deployment Plan which is assigned to a Private Project,

For a person who has access to Project, the Deployment Plan will look like


But if the logged-in person is not assigned to the Private Project the name of the Project will not appear in the assigned Projects section and will appear anonymized


Also, you need to be careful when making a Project Restricted or Private as you may lose editing rights

You also need to be aware that a Project Administrator can still access information for a Private Project

Is there more detailed information


This is the most detailed matrix to understand



How to read this matrix


First of all, you need to understand that when you assign anyone as Project Lead in a Project ie give him the Project role "Project Lead", he also gets the authorization role "Project Lead". When you give a Project role such as Business Expert or Analytics Expert, he gets a "Project Member" authorization role. So it's important to know this mapping

 


so at the end of the day, any project member is assigned as a Project Lead or Not as a Project lead


And now let's focus on one row of this matrix



So let's assume Business Expert Betty working in Project A ( Project role: Business Process Expert, Authorisation role: Project member in Project A ) looking a Project B where is she is not assigned. In this case Project B is set to Restricted. Since Betty is having a Project member authorization

the relevant record is


so Betty will be able to Display Project B and its artifacts and not edit them

 

Additional links


Official Help Documentation

Next Steps


As we publish more and more blog posts, it’s easy to get lost. Please visit the Master Blog post and bookmark it.

To understand an end-to-end picture, please visit

Expert Portal for Implementation and staying connected. You can also Follow me to ensure you do not miss any updates.
Labels:
2 Comments
Labels in this area
Popular Blog Posts