How to limit change categories available for opening changes in SM 9.3x without Process Designer and 9.4x Classic Mode
Prior Process Designer Content Pack, SM does not include a feature to limit what change categories different operators can see when opening changes (Process Designer limit what an operator sees or not by using change roles). In order to get a similar feature, it’s possible to configure Mandanten Security options to accomplish this goal. Please follow the following steps as an example. In this example operators will be limited to Hardware category changes only.
1- Login to SM as a sysadmin user.
2- Go to System Navigator > System Administration > Ongoing Maintenance > Mandanten Security Groups
3- This step creates a security group to assign it to the different operator that this configuration should be applied to. To create a security group just populate Security Id field and click Add button. For this example the value is “Hardware Changes Only”
4- Once security group is created, close the screen and back to System Navigator > System Administration > Ongoing Maintenance > Mandanten Security Queries. In this screen configuration requires the table name (File Name) where the data is going to be restricted for the operators to get access to.
5- Populate “cm3rcategory” in the File Name. Also set Security Group ID to “Hardware Changes Only”. Finally set Restricting Query to => avail.cond=true and name="Hardware". Click add to create the new record.
6- At this point, Mandanten Security configuration is ready, now it’s necessary to specify to the different operator records that they need to use this configuration. In order to do that go to System Navigator > System Administration > Ongoing Maintenance > Operators
7- Search for the operator name, user role or change profile of the operator or operators that require this restriction and search (In this example this test is done with falcon). Once results are back to go “Security Groups” tab and under Security Group add “Hardware Changes Only” value and click save.
8- Finally log out and log back in with the operator that got this configuration and try to open a new change from System Navigator > Change Management > Changes > Open New Change. As this example only defined one single category operator should see a screen like this:
9- If multiple categories are defined in the Restricting Security Query it also should show multiple categories.
10- To finish this topic, it’s important to mention that this same logic can be applied to other tables in SM and a security group name can be shared by multiple tables and its restricting queries to allow SM administrator to easily allow or restrict what operators can see or not.
Thanks for checking this post.