3 Replies Latest reply: Feb 28, 2012 6:58 PM by Laercio P. Azevedo RSS

Change authorization to a user for a particular Business Partner Role

Kivanc Bilgin
Currently Being Moderated

Hi,

My requirement is simple. I have two set of users in my project.

 

Set A will be

1- Creating business partners with role Prospect

2- Changing PROSPECT business partners's master data

3- Display it

 

Set B will be

1- Changing and Displaying all business partners irrespective of their roles (prospect, sold to party, employee.)

 

When I grant access the authorization object B_BUPA_RLT with ACTVT 01, 02, 03 and BP Role BUP002 (Prospect) only (for Set A) to a PFCG role, the user who has that PFCG role can still change any business partner irrespective of the business partner's role.

 

Authorization object CRM_BPROLE is inactive in my PFCG role here, as per my understanding, it is used for checking if a user has authorization to assign a BP role to A BP (Not a big of concern here). Please correct me if I'm wrong.

 

I studied badi BADI_CRM_BP_UIU_AUTHORITY and enhancement implementation BADI_CRM_BP_FILTER_ATTRIBUTE but none of them seem to fit in to my requirement.

 

Do you have an idea/recommendation on how to proceed from here? Or am I missing something big which should be right in front of my eye?

 

Thanks for your time,

  • Re: Change authorization to a user for a particular Business Partner Role
    Glenn Michaels
    Currently Being Moderated

    you should sit with your security group.  They should activate CRM_BPROLE and you want to limit BP Role to BUP002 which should limit their rights to that role.

    • Re: Change authorization to a user for a particular Business Partner Role
      Kivanc Bilgin
      Currently Being Moderated

      Hey Glenn, thanks for your input.

      Here are my active assignments (and my ideas about the usage of authorization in parenthesis)

       

      B_BUPA_RLT

      ACTVT: 03  Role: BUP002, CRM000, CRM002, CRM003, CRM004, ZCRM000 (the user is authorized to display six all roles)

      ACTVT: 01, 02  Role: BUP002 (the user is authorized to create a business partner only in BUP002 role. He/she is authorized to change a business partner's data only if BP has role BUP002 assigned to)

       

      CRM_BPROLE:

      ACTVT: 01, 02, 03  Role: BUP002 (If BP has BUP002 role only, user is authorized to change/display BP's data)

       

      With that authorization info, the user can still change a BP who has CRM000 (and not BUP002 role). How can I achieve that the user should have the authorization to change the BP's with role BUP002, and not BP's with other roles?

       

      Additional experience: In the situation below, user cannot change any BP's master data.

       

      B_BUPA_RLT

      ACTVT: 03  Role: BUP002, CRM000, CRM002, CRM003, CRM004, ZCRM000 (

      ACTVT: 01  Role: BUP002

       

      CRM_BPROLE:

      ACTVT: 01, 02, 03  Role: BUP002

       

      But when I grant B_BUPA_RLT ACTVT: 02 Role: BUP002 only, I happen to come the very first situation, as he/she can change all BP's master data.

      • Re: Change authorization to a user for a particular Business Partner Role
        Laercio P. Azevedo
        Currently Being Moderated

        Hi there,

         

        Have you seen this note:

         

        Note 1129682 - Authorization for BP roles

         

        Symptom

         

        Within the account (or contact or employee) application You intend to restrict authorizations for users to maintain bp roles in assignment "Roles".

        For this purpose, You define appropriate authorization values and generate authorization profiles for auth.-object B_BUPA_RLT. But in the account application the defined restrictions are not considered.

        In SAPGUI maintenance of business partners resp. bp roles, the restricted authorizations are taken into account.

         

        Reason and Prerequisites

         

        Authorization object B_BUPA_RLT, as used for SAPGUI-maintenance of business partners, can't be used in CRM WebClientUI

         

         

        Regards,

         

        Lalas

Actions