Skip to Content
avatar image
Former Member

Restrict access to Setup features for users?

Hello all

I was just curious to know if there is way to restrict access to the "setup" icon feature of E-sourcing. I don't want user to do anything else other than change his password in the "setup" . He should just be able to change his password nothing else

What happened was a user changed the name of Master Agreement Document and it was a very critical document and the changed happened through out the system.

So how can I restrict the access to SETUP for users so that the user can just change his password nothing else. He will not have any other access. Any ideas?

Step by step will be greatly appreciated

Thanks

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

1 Answer

  • avatar image
    Former Member
    Jan 09, 2009 at 03:06 PM

    Hi -

    For the most part, this is accomplished using E-Sourcing Security Profiles. Security Profiles are the place in the system that define the level of access a user has to the system objects and areas. The level of access or "Permission" as it is called in the system is things like "Create", "Edit", "View", and other similar items. In addition, for many functional objects, there is also a permission called "setup" - this permission defines whether or not the user associated with the security profile has access to the object via the Setup page.

    Out of the box, E-Sourcing does not provide a set of Security Profiles that will limit access to the setup page, so configuration to the profiles (and a few other things I will mention below) will be required to accomplish your goal of not providing access to the setup page items.

    I performed a test of this functionality by assigning a user to the "Application User" security profile only. This is the lowest level security profile and all users must be assigned to it. I found that it did not elimate all access to the setup page. As a result, I needed to edit the Application User security profile and set the "value" of the "setup" permission in various places; for some reason, the system out of the box provides setup access to a few objects in the Application User profile (my opinion is that this should be changed, but that is something for SAP to do). You access this security profile as a System Administrator from: Setup > System Administration > Accounts and Security > Security Profiles.

    With the changes to the application user security profile in place, I found that the access to the setup page was dramatically reduced, but still not entirely eliminated. As it turns out, there are about 8 reports that are available via the setup page (3 reports in the Queries and Reports setup area and 5 in the Administrative Reports setup area). In order to remove access to those reports, I needed to adjust the security on the actual E-Sourcing report. The easiest way to do this is as a system adminstrator go to: Setup > Queries and Reports > Analysis Reports Setup and choose Setup in the list. This will provide you view access to the configuration of the Setup page (you are not allowed to edit this configuration). In this configuration area, you can navigate through the sections of the setup page to the actual reports that are available there. Once in the report, you can edit it and change the "Access List" to include users or groups that should have access to those reports. For the most part, I believe these reports should only be available to System Administrators, so adding that group to the Access List is probably the best course of action.

    With these changes in place, users associated with only the Application User security profile will not have access to anything on the setup page (the link will still show at the top of the page, but the page will be empty when navigated to).

    From here, you will need to build up the appropriate security profiles for other users to give them the appropriate level of access to the module areas (e.g., RFx, Auction, Contracts, Projects, etc). Keep in mind, however, that these security profiles should not enable the "setup" permission either.

    In your specific example below, it seems the user had Edit permission to the Master Agreement Type. Independent of the changes I described above, the user should NOT have had the permission. You will likely need to make those adjustments as well to the profiles.

    I hope the detail provided in this reply is sufficient. I understand the steps are a bit complicated, but hopefully the logic if it all makes sense.

    Good luck.

    Regards,

    Rob Stevenson

    Add comment
    10|10000 characters needed characters exceeded