cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Assignment pfcg-role to user and assignment pfcg-role to business role

Go to solution
Former Member

on ‎11-20-2008 2:26 PM

0 Kudos

Hello, Gurus!

What is the difference between direct assignment pfcg-role to user and assignment pfcg-role to business role? What is the effect from assignment pfcg-role to business role?

As I see authrizations from pfcg-role assigned to business role have no effect to user...

Best regards,

Artuк Litvinov.

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

padma_guda
Participant
‎04-14-2009 6:35 AM
0 Kudos

Hi Artur,

The Business Roles feature in CRM 2007 is a very interesting concept.

Business Roles mainly control the UI part of the screen, like what work centres are visible, what links are available, etc. They are mainly used for navigation bar customizing.

Each Business role has an assigned PGCG role, which is nothing but a set of authorizations to access the data. For example, say a pfcg role P1 is assigned to business role B1 has authorization to display Accounts. This Role P1 is very generic.

Lets say you have a scenario in which multiple users belonging to different regions have been assigned the same business role B1 and all of them have authorizations to view Account due to the pfcg role P1. You want to change this and allow every user to access Accounts belonging only to his region (sales org specific). These sales org specific functional profiles which are more specific, can all be incorporated into pfcg roles and assigned to individual users (SU01 transaction, User maintenance). Hence though all the users have access to Accounts, they will be able to view Accounts of their region only due to the pfcg roles assigned at the User level.

Hope this is clear!

Regards,

Padma

Show replies
Show replies

Answers (3)

Answers (3)

Former Member
‎09-24-2012 11:02 PM
0 Kudos

Hi

this evening I wrote a pretty solid post about this topic! you are welcome to read it if you want:

http://sapuniversity.eu/logon-is-not-possible-because-you-have-not-been-assigned-to-a-business-role-...

cheers

Davy Pelssers

Show replies
Show replies
Former Member
‎08-01-2015 2:01 PM
0 Kudos

Excellent and very helpful Davy !! Would like to see more from your blog.

Cheers!!

Former Member
‎11-21-2008 3:34 PM
0 Kudos

Stephen, thanks for your qestion. But can you explain for what we must assign pfcg role to business role? What is the effect from it?

Best regards,

Artur Litvinov.

Show replies
Show replies
Former Member
‎04-14-2009 6:01 AM
0 Kudos

Hi all,

How to assign Business Role to the User. Is there any particular transaction code.

Thanks.

Neha.

stephenjohannes
Active Contributor
‎11-20-2008 9:33 PM
0 Kudos

The business role controls the menu while the PFCG role controls the underlying functional authorizations. In other words the business role controls what links are available for display, while the PFCG role controls the data that can be displayed.

You can have access to say the accounts screen, but not be able to view any account data if you dont' have the authorizations.

Normally there is a one-to-one correspondence between end-user composite role and the business role. The beauty of this is you don't have to setup your users in an organizational structure to give them the proper menu/business role.

There is a PFCG object that controls links and displays but that would mean your poor security person would need to maintain several hundred values. We have chosen instead to use the business roles to control what links a user can navigate to instead of using UIU_COMP.

Take care,

Stephen

Show replies
Show replies
Former Member
‎11-21-2008 9:30 AM
0 Kudos

Stephen, my quection was not about diference between pfcg and business roles. For example, there is authorization object UIU_COMP, wich is nessesary for WebUI. So if we have this object in directly assigned to user pfcg-role, WebUI works fine, but if we have this object only in assigned to business role pfcg-role, WebUI doesn't work.

Best regards,

Artur Litvinov.

stephenjohannes
Active Contributor
‎11-21-2008 2:24 PM
0 Kudos

Artur,

The business role assignment does not give a user that PFCG role. Instead it is just a mapping table and does nothing more.

Therefore that UIU_COMP auth object must exist in the PFCG roles assigned to the user in order for them to use the webclient. In your scenario let's do the following:

You have pfcg roles:

RA

RB

You a have business role

B1

You have users:

Joe

Jack

Business Role B1 is assigned to role RA which contains UIU_COMP.

User Joe gets business role B1 and roles RB which does not have UIU_COMP. This will not let him use the webclient.

User Jack gets business role B1 and pfcg role RA. This will work because everything is there.

This means you need both the correct PFCG plus business role setup to make it work properly.

Take care,

Stephen

Ask a Question