Advanced Access Control
In Business Process Monitoring powered by SAP Cloud ALM access groups can be used to tailor the access. As we are continuously working on new features and content, I am happy to announce that you can now make use of the latest enhancement for the Access Control.
With the most recent delivery Attributes were added to access groups.
But let’s start from scratch:
Mainly: We heard your feedback and reacted.
We were approached with questions like “is there an option to limit which data is seen by a certain user?”, “we do have a straight separation between company codes – how can this be reflected in Business Process Monitoring” or “how can we reflect the legal entities and separate the business user access in Business Processing Monitoring according to our organization?”.
And now there is an answer for this question!
How to use Attributes
We enhanced the existing Access Groups by Attributes. This means your existing Access Groups are not changed. So the good news in addition is: the access settings you applied for the groups are still in place – but you can specify now also Attributes.
You are asking yourself is there any action required from my end? Shortly: No. If you would like to continue with your existing groups and you do not have the need for Attributes, simply proceed.
Advanced Access Control Groups
In Access Groups you can now make use of Attributes to specify which business data is shown as part of a certain access groups.
Based on your Business Data and organizational structure you can assign the respective attribute sets/values for a specific Access Group.
As there might be various (user) groupings – you can also use the “Copy Group” functionality.
In my previous blog I introduced the sample personas – now I would like to show you how you can leverage them:
Attributes in Context of Personas
Kim is working as recruiter and is supporting the managers during the employee lifecycle from defining positions, recruiting but as well as off-boarding.
End-to-End Process: Hire to Retire
Addition: Kim is focussing on recruiting to Germany. And all recruiters should only have access to the data of the Legal Entity Codes for which they are responsible.
Step 1: Copy existing group and enhance group name
Step 2: Maintain Attribute values according to concept
Step 3: Save Changes
For Alex, who is working in Manufacturing Team. Company Code and Plants are in focus.
End-to-End Process: Design to Operate
The following Attribute values would need to be maintained according to concept:
These examples show how you can make use of the copy group functionality to build further groups with distinctive attributes.
A few points to take away in this context:
- No Attributes maintained: no restriction on business data is applied
- Attributes maintained: business data is restricted for the users assigned to a certain group
- Attributes are additive: if a user is assigned to multiple groups with Attributes, all business data is shown which is relevant for the assigned Attributes
- Relevant business roles for Access Groups: Business Process Monitoring Viewer, Business Process Monitoring Consumer, Business Process Monitoring Process Executor, Business Process Monitoring Process Manager. Otherwise you are considered as administrator – this also applied if you are Cross Global Administrator.
Last but not least another hint: Keep in mind that the available attributes depend on your scope selection. If an attribute isn’t relevant for the selected scope, you can’t select it.
With Attributes Access Groups can be enhanced to restrict business data. You can learn more about Access Groups based on my blog: Tailoring Business Process Monitoring for your business users
And for your reference further sources to check out on Business Process Monitoring:
Feedback & end credits
If you have read until the end, we would like to know what you think! Leave us a like or comment here on this blog post. We’re looking forward to hearing from you!
Last but not least: Thank you for reading my blog & Stay tuned!