on 11-19-2015 8:08 AM
Hi Experts,
I have 2 typical requirements:
1. I have two roles for sales managers (say SMA and SMB). SMA should have access to ONLY Transaction T1 and SMB should have access to only Transaction T2 .
2. Now under the above two sales managers there are a few sales executives ( say Role SEA and SEB) . There may be many sales executives who are assigned to a same role SEA. These sales executives should have access ( Dipslay/Edit ) for ONLY their OWN DOCUMENTS.
3. Sales manager (SMA) should have access to all the transactions created by his sales executives ( all sales exe assigned to SEA) but NOT the sales xecutives assigned to role SEB.
Which authorization objects should we use for this combination?
Thanks and Regards,
Aneesh
http://help.sap.com/saphelp_crm70/helpdata/en/48/a44236ceb873e8e10000000a42189b/frameset.htm
Hi Aneesh.
You will need to check information about authorization check from above link and design your auth check customizing. Hope it helps.
You will also need to specify what is the ROLE you are referring to? BP role?
Spencer
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Anees,
I am sure, you know about the process of authorization check. To solve this authorization, we may need to know about the organization structure as well.
Do you have two different sales group in this organization structure?
Warm Regards,
Dinesh
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Dinesh,
I have assigned the user to proper Sales Office as shown below:
I have also set the auth objects as shown below:
Note: I have copied the standard sales pro 's pfcg and created my own Z PFCG role.
I has getting some errors with object" S_Service" so I deactivated this object and generated the model.(hope that has no inpact)
Is there anthing else I am missing. I am trying out scenario 1 first where each role will have access to only specific transaction type.
Hi Anees,
In our scenario, i have kept 2 virtual sales org in org structure. I have assigned one sales manager to first sales org and second sales manager to second sales org.
Create two PFCG role. Create first PFCG with Transaction T1 and another with Transaction T2.
I haven't activated the role CRM_ORD_PR.
This will solve your first Query.
All the best.
warm regards,
Dinesh
Hi,
I assigned one sales manager to one sales org. and maintained the auth obj CRM_ORD_LP only. I deactivated all other objects CRM_ORD_PR and OE and OP etc.
Still this user is able to create all other lead transactions.Somehow I feel no matter what I do the system behaves the same way. Nothing quite changes.
User is assigned to Pfcg role.
BP role is assigned to Pgcg role.
User assigned to BP role
What should be the entry for profiles for that user (su01)? By default its SAP_All. I believe this has to be changed . What are the entries that need to be there? May be thats the reason nothing is affecting my authorizations.
I have achieved the first part by using LP and PR.
My problem was mainly because of SAP_ALL and SAP_NEW as profiles in su01. Once I removed these two I set S_TCODE auth obj to full authorization. I also set the business role in the UI parameter ...again in su01. The first scenario works fine now. Thanks!
User | Count |
---|---|
5 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.