Skip to Content
Product Information
Author's profile photo Stephanie Jerch

Advanced Access Control


In Business Process Monitoring powered by SAP Cloud ALM access groups can be used to tailor the access. As we are continuously working on new features and content, I am happy to announce that you can now make use of the latest enhancement for the Access Control.

What’s new

With the most recent delivery Attributes were added to access groups.

But let’s start from scratch:


Mainly: We heard your feedback and reacted.

We were approached with questions like “is there an option to limit which data is seen by a certain user?”, “we do have a straight separation between company codes – how can this be reflected in Business Process Monitoring” or “how can we reflect the legal entities and separate the business user access in Business Processing Monitoring according to our organization?”.

And now there is an answer for this question!

How to use Attributes

We enhanced the existing Access Groups by Attributes. This means your existing Access Groups are not changed. So the good news in addition is: the access settings you applied for the groups are still in place – but you can specify now also Attributes.

You are asking yourself is there any action required from my end? Shortly: No. If you would like to continue with your existing groups and you do not have the need for Attributes, simply proceed.

Advanced Access Control Groups

In Access Groups you can now make use of Attributes to specify which business data is shown as part of a certain access groups.


New Access Group – Attributes

Based on your Business Data and organizational structure you can assign the respective attribute sets/values for a specific Access Group.

As there might be various (user) groupings – you can also use the “Copy Group” functionality.

In my previous blog I introduced the sample personas – now I would like to show you how you can leverage them:

Attributes in Context of Personas

Kim is working as recruiter and is supporting the managers during the employee lifecycle from defining positions, recruiting but as well as off-boarding.

End-to-End Process: Hire to Retire

Addition: Kim is focussing on recruiting to Germany. And all recruiters should only have access to the data of the Legal Entity Codes for which they are responsible.

Step 1: Copy existing group and enhance group name


Copy Access Group – Localization for Germany

Step 2: Maintain Attribute values according to concept

Access Group – Localization for Germany – Attributes

Step 3: Save Changes

For Alex, who is working in Manufacturing Team. Company Code and Plants are in focus.

End-to-End Process: Design to Operate

The following Attribute values would need to be maintained according to concept:


Access Group – Manufacturing – Localization for Germany – Attributes

These examples show how you can make use of the copy group functionality to build further groups with distinctive attributes.


A few points to take away in this context:

  • No Attributes maintained: no restriction on business data is applied
  • Attributes maintained: business data is restricted for the users assigned to a certain group
  • Attributes are additive: if a user is assigned to multiple groups with Attributes, all business data is shown which is relevant for the assigned Attributes
  • Relevant business roles for Access Groups: Business Process Monitoring Viewer, Business Process Monitoring Consumer, Business Process Monitoring Process Executor, Business Process Monitoring Process Manager. Otherwise you are considered as administrator – this also applied if you are Cross Global Administrator.

Last but not least another hint: Keep in mind that the available attributes depend on your scope selection. If an attribute isn’t relevant for the selected scope, you can’t select it.


With Attributes Access Groups can be enhanced to restrict business data. You can learn more about Access Groups based on my blog: Tailoring Business Process Monitoring for your business users

And for your reference further sources to check out on Business Process Monitoring:

Four steps to get started with Business Process Monitoring powered by SAP Cloud ALM (Blog)

Business Process Monitoring in SAP Cloud ALM for Operations Expert Portal

Business Process Monitoring KPI content (Expert Portal)

SAP Cloud ALM – Business Process Monitoring (Blog)

Feedback & end credits

If you have read until the end, we would like to know what you think! Leave us a like or comment here on this blog post. We’re looking forward to hearing from you!

Last but not least: Thank you for reading my blog & Stay tuned!


Assigned Tags

      Be the first to leave a comment
      You must be Logged on to comment or reply to a post.