1. Security Management Logic
Security Management is split by Role dans Scope depending on the object you want to give users access to.
1.1 Role
- One user needs to have at least one role (but can have multiple ones).
- The role is concretely a user group.
- The objective behind is to give access to Workspaces (Remote and/or Web), Models, Shortcuts.
- The list of roles by GBU has been defined and should not changed frequently.
- For example: two users can be Sales Manager for one GBU - they will see the same workspaces, shortcuts, models... The process will be identical.
1.2 Scope
- One user needs to have one scope/perimeter only (in order to avoid conflict/blocking between several users.)
- The scope is concretely a user group.
- The objective behind is to give access to a specific list of DFUs or any other dimension (depending on an aggregated level).
- The scope is changing frequently depending on Commercial Team organization in SAP/GBU.
- For example: two users can be Sales Managers for one GBU but with two different scopes - they will be able to work on the same workspace at the same time on a different set of DFUs.
2. Security by GBU
As explained above, security is applied based on GBU and role. Here is the summary of GBU roles list.
2.1. DP2 - Composites (CM)
i. Workspaces
ii. Models
iii. Shortcuts
iv. Master Tables
2.2 DSCP1 - Soda Ash and Derivatives (SD)
i. Workspaces
ii. Models
iii. Shortcuts
iv. Master Tables
2.3 DP3 - Novecare (CS)
i. Workspaces
ii. Models
iii. Shortcuts
iv. Master Tables
2.4 DP3 - Oil and Gas (OG)
i. Workspaces
ii. Models
iii. Shortcuts
iv. Master Tables
2.5 DP3 - Special Chem (CH)
i. Workspaces
ii. Models
iii. Shortcuts
iv. Master Tables
2.6 DP1 - Aroma (PA)
i. Workspaces
ii. Models
iii. Shortcuts
iv. Master Tables
2.7 DP1 - Perox (PE)
i. Workspaces
ii. Models
iii. Shortcuts
iv. Master Tables
2.8 DP1 - Silica (SI)
i. Workspaces
ii. Models
iii. Shortcuts
iv. Master Tables
2.9 DP1 - Technology Solutions (TS)
i. Workspaces
ii. Models
iii. Shortcuts
iv. Master Tables
2.10 DSCP2 - Specialty Polymers (SP)
i. Workspaces
ii. Models
iii. Shortcuts
iv. Master Tables
3. Examples
Here are some examples on concret cases, raised by ticket through the years.
3.1 Example #1 - Simple
For ex: for a Sales Employee of a given GBU
| # | Description | Screenshot |
|---|---|---|
| 1 | right click the master table Sales Employee ID, then click Security In the Advanced security tab, for each user group, associate the conditions to the corresponding user groups, |
|
| 2 | right click the master table Material:shipto@DC, click Security In the Advanced security tab, for each user group, associate the conditions to the corresponding user groups, |
|
3.2 Example #2 - Complex
For example, QSM-285899
| # | Description | Screenshot | Reference view |
|---|---|---|---|
Problem Reporting! | |||
| 1 | user SANTOSMA all black view while open the work space, |
|
|
Trouble Shooting! | |||
| 2 | The grid view has a split on dimension Material:Shipto@DC into
|
| |
| 3 | If you connect as the user into the rich client and right click => Configure |
| |
| 4 | The problem is on Material : the view has a filter on Material, on condition 'GBU - TS: Yes & Planned Material | TS : Yes' : |
| |
| 5 | User belongs to those groups : |
| |
| 6 | The only group having a security configured on the master table 'Material' is TS - US / Marcio Santos, with the visibility condition 'GBU - SA&D' Finally, a right click => hierarchy view (with a super user account) on the master table 'Material' shows that there is no intersection between the combination of the conditions used to filter the grid and the condition of visibility : |
| |
| 7 | select here the 3 conditions (pressing control key allows to multiple select them) : |
| |
| 8 | And we can see that no material fulfills the 3 conditions : |
| |
Fix! | |||
| 9 | The problem is on Material : the view has a filter on Material, on condition 'GBU - TS: Yes & Planned Material | TS : Yes' : To remove the condition 'GBU - SA&D' in Material table associated with user group TS - US / Marcio Santos |
| |
