Kontakt

Ansicht
Dokumentation

CRM_ACE_CUSTOM - Maintain General Parameters

CRM_ACE_CUSTOM - Maintain General Parameters

BAL Application Log Documentation   ROGBILLS - Synchronize billing plans  
This documentation is copyright by SAP AG.
SAP E-Book

In this Customizing activity, you can define general parameters for the Access Control Engine (ACE).

General parameters

  • ACE_IS_INACTIVE
Default value:
In this default setting, the full ACE authorization check runs.
If you flag this setting with the value X, you deactivate the ACE.
  • RESTRICTIVE_MODE
Default value:
In the standard system, the user generally has access to requested objects in the following cases, regardless of whether this access is given by an active ACE right:
  • ACE is inactive

  • Requested action unknown

  • Requested object type unknown

  • User is not active in ACE

If you flag this setting with the value X, ACE is in a mode in which the user only has access to objects contained in the ACE authorization check if an activated ACE right grants him or her this access. In the cases listed under the standard system, users generally get no authorization.
  • ACE_UCT_EXPIRATION_SECONDS
Default value:
In the parameter ACE_UCT_EXPIRATION_SECONDS, you can specify the number of seconds after which the user context expires and will be recalculated automatically.
If you do not maintain a value, the system default is 57600 seconds (16 hours).
If a user's context has expired, automatic recalculation is triggered, at the earliest, by the next ACE action for that user. An example of an ACE action could be an authorization request for an object.
  • ACE_NOC_EXPIRATION_SECONDS
Default value:
In this parameter, you can specify the number of seconds after which the entries in the New Objects Cache are deleted.
If you do not maintain a value, no objects are deleted in the cache. As a result, the user has full access to all objects that he or she creates in the current session.
If you maintain the value 0 (zero), the New Objects Cache is deactivated and does not save new objects for a user. Using this parameter value could make sense if a user should generally not have access by way of the cache to objects that he or she just created.
Note: Even if the New Objects Cache is deactivated, ACE grants full access to new objects created by a user until the calculation of the authorization data in the background is finished.
If you maintain a value, such as 3600, all objects in the cache that were saved there more than 3600 seconds ago are deleted. In other words, the user has 3600 seconds of full access to the new object that he or she just created. However, if the user closes the session before 3600 seconds have passed, the automatic full access for these objects ends at this time.
For more information and recommendations about how to use this cache, see the ACE section in the corresponding security guide.
  • NO_AUTO_USERCONTEXT_REFRESH
Default value:
You can use this parameter to influence the behavior of the automatic user context calculation.
Through the default value, the user context of the right/ assigned user is recalculated every time rights are activated or deactivated.
If you flag this setting with the value X, then the context calculation during activation/deactivation of rights is not started automatically.
Note: This parameter has no influence on the automatic calculation controlled by the ACE_UCT_EXPIRATION_SECONDS parameter.
  • USE_UOC_UP_TO_X_OBJECTS
Default value:
You can use this parameter to influence the usage of the user objects cache. This cache saves object access authorizations for the last requested object at user level for the current session.
Value 0 (zero) deactivates the cache.
Value >= 1 activates the cache.
If you do not maintain a value, the cache is activated.
  • NO_CHECK_IF_TCODE_SET
Default value:
In this default setting, the ACE authorization check is not restricted.
If you flag this setting with the value X (upper-case letter), then system variable SY-TCODE is checked before the authorization check. If this variable has a value, then the ACE authorization check gets the response "Yes, allowed". When calling from the SAP GUI, the system variable typically has a value; when calling from the WebClient UI, it does not. You can therefore activate the ACE check for the WebClient UI and deactivate it for authorization requests from the SAP GUI.
  • TREE_DISPLAY_MODE
Default value:
You can use this parameter to make settings for the display behavior of the tree nodes. The value influences the tree structures in ACE transactions ACE_ACTIVATION and ACE_UPDATE.
Possible values are:
  • ALL

All entries for the respective node are displayed.
Warning: If you display all entries, you may quickly fill the maximum display area of the tree. Then the following nodes are no longer displayed.
  • FIRST

Only a adjustable subset of entries for the respective node is displayed. The number of entries is controlled by the NUM_OF_VISIBLE_NODE_ITEMS parameter.
This is the system default if you do not maintain the parameter.
  • NUM_OF_VISIBLE_NODE_ITEMS
Default value:
You can use this parameter to set the number of objects for each tree node after you have used parameter TREE_DISPLAY_MODE to set the display behavior of the tree nodes to 'FIRST' or .
If you do not maintain a value, the system default is 100.
  • RUNTIME_LOG_LEVEL (OBSOLETE)
Default value: ERROR
This defines the number of levels to be used to log runtime checks in the ACE. If this entry is missing, the ERROR level is used. Possible values are:
  • ERROR

  • INFO

  • WARNING

Parameters that control the calculation of authorization data in background processes

  • ACTIVATION_PCKG_SIZE
Default value:
This defines the maximum number of objects that can be transferred as a package to a background process for the calculation of authorization data. To do this, the system uses half of the package size for objects from the authorization activation and for objects that were recreated or were changed.
If you do not maintain a value, the system default is 100.
  • MAXIMUM_RUNNING_JOBS
Default value:
Defines the maximum number of background processes that can run in parallel when activating large data records. See also Dispatcher and Trace Table for Background Processing. If the value is greater than half that of the resources available, the number of jobs is restricted to half of the resources available.
If you do not maintain a value, the system default is 10.
  • DISP_SHUTDOWN_DELAY_TIME
Default value:
You use this parameter to control how long, in seconds, the ACE dispatcher process is to wait before it shuts down. See also Dispatcher and Trace Table for Background Processing.
If the worklists are empty and no more background processes are running, a countdown of the duration defined in this parameter starts. If new objects are written in the worklists during the countdown, the countdown stops and the dispatcher process starts new background processes. If, on the other hand, the countdown reaches zero, the dispatcher process ends to release its resources.
If you do not maintain a value, the system default is 10.






RFUMSV00 - Advance Return for Tax on Sales/Purchases   CPI1466 during Backup  
This documentation is copyright by SAP AG.

Length: 9732 Date: 20240523 Time: 161713     sap01-206 ( 137 ms )