cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Providing access to transactions based on a) roles & b) own documents

Go to solution
former_member184510
Active Participant

on ‎11-19-2015 8:08 AM

0 Kudos

Hi Experts,

I have 2 typical requirements:

1. I have two roles for sales managers (say SMA and SMB). SMA should have access to ONLY Transaction T1 and SMB should have access to only Transaction T2 .

2. Now under the above two sales managers there are a few sales executives ( say Role SEA and SEB) . There may be many sales executives who are assigned to a same role SEA. These sales executives should have access ( Dipslay/Edit ) for ONLY their OWN DOCUMENTS.

3. Sales manager (SMA) should have access to all the transactions created by his sales executives ( all sales exe assigned to  SEA) but NOT the sales xecutives  assigned to role SEB.

Which authorization objects should we use for this combination?

Thanks and Regards,

Aneesh

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

spencer_liang
Active Contributor
‎11-19-2015 11:00 PM
0 Kudos

http://help.sap.com/saphelp_crm70/helpdata/en/48/a44236ceb873e8e10000000a42189b/frameset.htm

Hi Aneesh.

You will need to check information about authorization check from above link and design your auth check customizing. Hope it helps.

You will also need to specify what is the ROLE you are referring to? BP role?

Spencer

Show replies
Show replies

Answers (1)

Answers (1)

Former Member
‎11-22-2015 5:38 AM
0 Kudos

Hi Anees,

I am sure, you know about the process of authorization check. To solve this authorization, we may need to know about the organization structure as well.

Do you have two different sales group in this organization structure?

Warm Regards,

Dinesh

Show replies
Show replies
former_member184510
Active Participant
‎11-24-2015 12:15 PM
0 Kudos

Hi Dinesh,

I have assigned the user to proper Sales Office as shown below:

I have also set the auth objects as shown below:

Note: I have copied the standard sales pro 's pfcg and created my own Z PFCG role.

I has getting some errors with object" S_Service" so I deactivated this object and generated the model.(hope that has no inpact)

Is there anthing else I am missing. I am trying out scenario 1 first where each role will have access to only specific transaction type.

Former Member
‎11-25-2015 5:43 AM
0 Kudos

Hi Anees,

In our scenario, i have kept 2 virtual sales org in org structure. I have assigned one sales manager to first sales org and second sales manager to second sales org.

Create two PFCG role. Create first PFCG with Transaction T1 and another with Transaction T2.

I haven't activated the role CRM_ORD_PR.

This will solve your first Query.

All the best.

warm regards,

Dinesh

former_member184510
Active Participant
‎11-25-2015 7:56 AM
0 Kudos

Hi,

I assigned one sales manager to one sales org. and maintained the auth obj CRM_ORD_LP only. I deactivated all other objects CRM_ORD_PR and OE and OP etc.

Still this user is able to create all other lead transactions.Somehow I feel no matter what I do the system behaves the same way. Nothing quite changes.

User is assigned to Pfcg role.

BP role is assigned to Pgcg role.

User assigned to BP role

What should be the entry for profiles for that user (su01)? By default its SAP_All. I believe this has to be changed . What are the entries that need to be there? May be thats the reason nothing is affecting my authorizations.

Former Member
‎11-25-2015 12:52 PM
0 Kudos

Hi Anees,

even i have deactivated another objects:

could you remove the transaction type from your Org attribute and check it.

Regards,

Dinesh

former_member184510
Active Participant
‎11-26-2015 11:36 AM
0 Kudos

I have achieved the first part by using LP and PR.

My problem was mainly because of SAP_ALL and SAP_NEW as profiles in su01. Once I removed these two I set S_TCODE auth obj to full authorization. I also set the business role in the UI parameter ...again in su01. The first scenario works fine now. Thanks!

Ask a Question