Access Control List

DevWorkbench    Wednesday February 5th, 2014   

Access Control Lists (ACLs) in the SAP ERP system can be used within the SAP PS module to restrict the access to PS data structures (WBS elements and networks). They were added in  SAP ERP ECC 6.0 EhP 3. Before being able to use ACLs, they must be enabled in customizing.

For WBS elements:

SPRO → Project System → Structures → Operative Structures → Work Breakdown Structure (WBS) → Create Project Profile

For networks:

SPRO  Project System → Structures → Operative Structures  Network Settings for Networks  Maintain Network Profiles

ACLs can be enabled per project or network profile; so they will be available for projects and networks with specific profiles only. In customizing, you can also choose if ACL inheritance should be enabled (which makes a lot of sense from my point of view).

After enabling ACLs in customizing, they will be available as a tab on the header data of projects, WBS elements and/or networks. They work basically like unix file ACLs – you can assign read, write and admin (meaning read, write, delete, and the modification of the ACL itself) privileges and also restrict access completely per user, user group or organizational unit. A very useful feature that has been demanded for a while by the SAP PS users.