on 12-16-2008 2:41 PM
Hello Experts,
I am dealing with an issue concerning Access Control Engine.
After configuring as written in the blog I have a problem with starting the SM37 job.
The functionality seems to work because the search hits are reduced to zero.
Because the job ACE_DISPATCHER was not created the tables aren't filled.
Any suggestion on getting the job available.
Regards.
Ab
Edited by: Ab Diko on Dec 18, 2008 9:25 AM
Hi Ab,
may be I should be more precise. I fear that your select on BUT000 is slow and WRONG. You may check the class CL_CRM_ACERULE_ENDCUSTOMER that shows how to do an ACE rule based on a relationship type (even if it is a different one than yours).
Hermann
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Hermann,
Thanks again, we will check your comment after we have the functionality working. Must say that we building it slightly different then in the blog. We want the check to be on sales org for BP's.
After we got the functionality working we will make the adjustments, but still the question about the empty tables is there.
Thank you very much.
Hi Ab,
sounds like your ACE implementation class do not return the correct actors. You may debug your implementation in SE24 passing in the BP GUID resp. an authorized user id to see if the correct actors are returned. And again I would recommend to check the above mentioned SAP implementation on how ACE implementations are done in general.
Hermann
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
In ACE_RUNTIME you can see the result of ACE inplementation, I mean that you can see which users can see which objects. So here you can see if your ACE methods works fine. If there is no data you must check your methods, job and all ACE parameters. If in this table you can see data so ACE works fine, and it is not necessarily that all ACE tables must be filled.
Best regards,
Artur Litvinov.
Hi Artur,
Your remarks are very helpful. I now get search hits in my UI.
We are getting somewhere! We get the hits for the testuser that is part of the user group but other users get zero hits in the object types. These users should not be affected by the ACE.
Do you know why?
Thanks for you help so far, regards.
Bram
Hello!
Go to IMG - CRM - Basic Functions - ACE - Prerequisites and do all the necessary steps. When you create ACE_DISPATCHER in Parameter field enter you client.
Best regards,
Artur Litvinov.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Artur,
Your direction really helped me on my way. I should read better.
Since you are familiar with the topic maybe you can help me further.
After the right is activated and the job has run the tables (CRM_ACE_BP_GRP and others) still are empty. Since we are struggling for some time with all sorts of auth issues I am quite sure the ACE will meet our requirements.
Hope you can give the solution.
Hi Ab,
I started reading your web log. I stopped when I saw that you select the complete BUT000 table. This is a no no for performance reasons.
SAP ships some ACE rules that control access to business partners by relationship type similar to your scenario. Some SAP rules use the relationship type "is end customer of". This info should be sufficient to find them.
The coding used there may help you on your implementation.
Hope that helps
Hermann
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
6 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.