How to give access to audit data for users in SAP Ariba Procurement?

	English	
Deutsch - Machine Translation Español - Machine Translation Français (France) - Machine Translation Italiano - Machine Translation 日本語 - Machine Translation 한국어 - Machine Translation Português (Brasil) - Machine Translation Русский - Machine Translation 简体中文 - Machine Translation

FAQ KB0395007

Symptom

I would like to provide access to users to extract data from the Audit Log files; however, they do not wish to provide any further access to other areas of SAP Ariba Procurement P2O/I.

Resolution

Two new groups have been introduced that enable users or auditors with necessary permission to access the Audit Log section and provide them read only access to All documents in P2P. The groups are named Audit User and Audit Buyer. Each group's access is explained:

Audit User:

Users who belong to this group should have access to the:

Audit logs in the Core Administration pages.
In case of integrated realms, the users belonging to this group can view the audit logs belonging to both S4 and Buyer. There is no application-specific restriction.

Audit Buyer:

Users who belong to this group should have access to the:

Read only permission for all buyer-specific documents in the realm.
Read only permission to all the buyer-specific documents of that purchasing unit (PU) in the realm if a user of this group is responsible for a PU and the realm has Org Visibility turned on. (Responsible user concept.)
All of the buyer-specific documents of the PU (for example: requisitions, invoices, contracts, timesheets, expense reports, receipts, etc.)

See Also

Restrictions:

When a user is viewing a procurement document, for a few documents like a requisition, a Visible to Supplier checkbox appears. Using it, the viewer can add external comments and attachments that the supplier can see.

To restrict the Audit Buyer group from adding external comments and attachments, this Visible to Supplier checkbox can be hidden. To hide the Visible to Supplier checkbox, a new parameter called RestrictAuditRole is added to the Parameters section of Customization Manager.

This parameter is set by the CustomerSupportAdmin for the customer realm who wishes to use this Audit Buyer group and wants the Visible to Supplier checkbox hidden. The RestrictAuditRole parameter accepts a list of Role Names. By default this list is empty to support the default behavior of the system. Role names can be added to the parameter by clicking the Edit button, which leads you to a user interface (UI) screen where the roles' names can be entered manually. The role name for Audit Buyer is AuditBuyer, no space between Audit and Buyer, which needs to be added to this parameter.

Limitations:

Eforms
- Eforms are managed by a different set of permissions, which the superuser determines while publishing the Eform.
- If the Eform has unrestricted access, the superuser wants that Eform to be viewed, created, edited and deleted by everyone in an unrestricted manner.
- If the Eform has restricted access, that Eform cannot be viewed, edited, created or deleted by any user.
Custom Groups will not work with this parameter, the user must be in the out of the box (OOTB) group Audit Buyer.

Applies To

Core Procurement > Core Administration > Core Administration User Management