Authorizations
SAP PPM (Portfolio and Project Management) Authorizations provide a framework to control user access and actions at a granular level, ensuring data security and effective collaboration. PPP Authorizations complement the general ACL (Access Control List) by adding finer controls on specific actions. A detailed explanation follows.
PPM Authorizations
In SAP Portfolio and Project Management (PPM), authorizations control who can view, edit, or manage specific projects and their details. This ensures data security and allows team members to work effectively on their assigned tasks.
General Authorizations (ACL):
- Set up by the system administrator for all users.
- These let users perform basic functions, like:
  - Creating, editing, viewing, or deleting templates.
How Authorizations Work:
- Permissions can be given to individuals, groups, or organizational units.
- Permissions can also be based on roles.
PPP Authorization
PPP Authorization determines precisely who can perform specific actions within SAP PPM. These permissions are managed using PPP Action Codes, which allow control over single actions, such as READ_PROJECT_FIELDS or WRITE_PROJECT_RESPONSIBLE. This contrasts with the standard ACL, which governs broader levels of access (e.g., Admin, Write, Read, Not Authorized) for an entire entity (like Project, Task, Phase or Item).
Key Differences Between ACL and PPP Authorizations:
- Standard ACL:
  - Applies general access levels (e.g., Read-only, Write).
  - Cannot restrict individual actions.
  - Example: A “Read” user cannot make any changes to a project.
- PPP Authorization:
  - Based on Action Codes, restricting individual actions even for users with broader ACL permissions.
  - Allows granular control, such as restricting “Write” access to specific fields.
  - More Restrictive Wins: If ACL grants “Write,” but PPP Authorization denies WRITE_PROJECT_RESPONSIBLE, the user cannot change the responsible person.
How PPP Authorization Works
PPP Authorization determines who is allowed to perform specific actions, as defined by the PPP_ACTION_CODE. This allows rules like:
- “Admins may do everything.”
- “Read-only users may only view projects.”
Logic:
- Empty Table = Full Access for All Users: If the PPP_AUTHORIZATION table is empty, all users have unrestricted access.
- Entries Define Restrictions: Once entries are added, restrictions apply based on combinations of attributes (e.g., action code, role type).
- Blank Line = Full Access: Adding a blank row in the table grants general access to all users. Specific rows can then impose restrictions.
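The decision logic above, combined with the "More Restrictive Wins" rule, can be modelled as follows. This is an added example, not SAP or product code. It assumes a table with the columns action_code, role_type and allowed, that the most specific matching row wins (ties deny), that an action no row covers is denied once entries exist, and that READ_* action codes need ACL "Read" while all others need "Write". The role type names are hypothetical.

```python
from typing import NamedTuple

# ACL levels named on the page, ranked from least to most access.
ACL_RANK = {"Not Authorized": 0, "Read": 1, "Write": 2, "Admin": 3}

class Rule(NamedTuple):
    """One modelled PPP_AUTHORIZATION row; "" is a blank column (matches anything)."""
    action_code: str
    role_type: str
    allowed: bool  # assumed column, not taken from the page

def ppp_allows(table, action_code, role_type):
    """Evaluate a single action against the modelled table."""
    if not table:  # Empty table = full access for all users
        return True
    best, best_score = None, -1
    for rule in table:
        if rule.action_code not in ("", action_code):
            continue
        if rule.role_type not in ("", role_type):
            continue
        # Assumption: the row with the most filled-in columns wins; ties deny.
        score = (rule.action_code != "") + (rule.role_type != "")
        if score > best_score or (score == best_score and not rule.allowed):
            best, best_score = rule, score
    # Assumption: once entries exist, an action that no row covers is denied.
    return best.allowed if best else False

def may_perform(acl_level, table, action_code, role_type):
    """More restrictive wins: the ACL and the PPP table must both permit."""
    # Assumption: READ_* action codes need ACL "Read", all others need "Write".
    needed = "Read" if action_code.startswith("READ_") else "Write"
    acl_ok = ACL_RANK[acl_level] >= ACL_RANK[needed]
    return acl_ok and ppp_allows(table, action_code, role_type)

# Constructed sample table; the role types are hypothetical names.
SAMPLE_TABLE = [
    Rule("", "", True),  # blank row: general access
    Rule("WRITE_PROJECT_RESPONSIBLE", "PROJECT_MEMBER", False),  # restriction
]

if __name__ == "__main__":
    for role in ("PROJECT_MEMBER", "PROJECT_LEAD"):
        for action in ("READ_PROJECT_FIELDS", "WRITE_PROJECT_RESPONSIBLE"):
            print(role, action, may_perform("Write", SAMPLE_TABLE, action, role))
```

When reviewing a real configuration, the cases worth checking first are the ones this model makes visible: an empty table, and a blank row with no specific rows beneath it, both leave the ACL as the only control.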