Standard authorization role for CRM implementation team member

Similar Messages

• Developer Role for CRM Functional Team

  Hello,
  I would like to have your inputs on creating a developer role for CRM Functional Team in Dev system.
  I found a standard role SAPCRM_DEVELOPER , does it has sufficient Authorisations to carry out the config work in CRM or do we need any more additional Auth.
  The team members also have IC AgentIC ManagerSrv Pro roles as well.
  Thanks in advance
  regards
  sam

  Hi,
  You don't need a role to development team. You can assign the auth. in dev system and perform the tests in the specifics roles.
  Best regards,
  Caíque Escaler

• Required Authorization Role for E-commerce manager

  Hi ,
  Could you please tell me required Authorization Role for E-commerce manager and catalog administartor?
  Thanks.
  Regards,
  PV

  SAP_CRM_ECO_ISA_WU_B2B_FULL           CRM-ECO: ISA Internet User (Full Document Authorization)             ISA_B2B_FULL
  SAP_CRM_ISA_UA_SUPERUSER              Internet Sales User Administration Authorizations                              Superuser
  *SAP_CRM_ISA_WEBSHOP_MANAGER     *    Authorizations for the Internet Sales Web shop Manager         Webshop Manager
  SAP_CRM_ECO_ISA_WU_B2C                  Internet User for B2C

• How to create authorization role for just displaying query prefix Q and X.

  Hi Expert,
  I hope someone can help me on how to create authorization role for just displaying and executing  BEX  Queries prefix Q and X. I'm currently using SAP BI 7.1.
  Actually, I already created one role called : Z_FORINDO_ONLYDISPLAY_QX
  where I only put in the Authorization Component (in the Role Maintenance - Tcode 'pfcg'):
  -->Manually Business Information Warehouse
      --> Manually Business Explorer - Components
  Activity : Display, Execute, Enter, Include, Assign
  InfoArea : *
  InfoCube : *
  Name(ID) of a reporting component : *
  Type of a reporting component : Calculated key figure, Restricted key figure, Template structure
      --> Manually Business Explorer - Components
  Activity : Display, Execute
  InfoArea : *
  InfoCube : *
  Name(ID) of a reporting component : Q* , X*
  Type of a reporting component : Query
  But, the problem is I still can make changes on that queries (Q* and X*). Even, I still can run query with prefix Z. I use S_RS_RREPU Tamplete for Query Display and execution.
  Please assist. Very much appreciate your help. Thanks.
  Edited by: nadiyah salleh on Mar 18, 2008 11:22 AM

  Question close. This issue has been resolved.

• Authorization restriction for CRM 2007

  Dear Experts,
  We are in process of defining the authorization matrix for CRM 2007 for end users who will be using Web UI.
  Here my requirement is the service orders created by USER1 should not be displayed by USER2 and vice-versa when they do a search in both Web UI and GUI in Tx CRMD_ORDER for service orders.
  Please let me know how can I acheive this and what is the auth. object for the same.
  Thanks & Regards,
  Sharath

  Dear babu,
  If I understood your request, you want that, only one user will be able to access the document. If you want to do that, this is the answer:
  At tcode PFCG you shoud set:
  First you must set what type of document will be avaible to the user, in this case Z020.
  CRM_ORD_PR: PR_TYPE 'Z020',ACTVT '*'
  Next you must set which activities they will be able to do (notice, you must set the same field in the previsou object(
  CRM_ACT: ACTVT u2018*u2019
  And then you set which partner function or partner category are able to access the document, here is the main point !
  In this example I set that only users who has Partner Category (not partner function) Employee Responsible (std partner category 0008) are able to access the document
  CRM_ORD_OP: ACTVT '', PARTN_FCT '', PARTN_FCTT '0008'
  Here you can notice again field ACTVT, here you will set what user are able to do, "*" means everything, "1" = create, "2" = modify, etc. (I can see the list at PFCG, adding the auth. object to the PFCG profile).
  I notice only std partner function or partner category works with this object. I sent a message to sap support, and they confirm that, so if your user has Z partner funcition or category it is not possible to do that.
  Summary, your user must be present in the partner list of the document, and they must have a partner function or partner category std. It is possible to set together both values PARTN_FCT  and PARTN_FCTT, but I think it is not necessary.
  The easy way to do that is, user who will be able to access the document, must be the employee responsible.
  This help is very usefull
  http://help.sap.com/saphelp_crm60/helpdata/en/4a/b9f63a8ab2c745e10000000a114084/frameset.htm
  Regards,
  Lalas
  ps.: As you should know, only one partner function must have partner category Employee Responsible, in the partner det. procedure, otherwise, you will get error message in your application.

• Standard Display Roles For Queries in BW

  Dear All,
  Could you Please share the Standard Display Roles For Queries in BW.
  Thanks
  Regards,
  Sai

  Hi Sai,
  You can find query specific roles in metadata repository.
  Also try this table in
  SE16. AGR_OBJ
  Other useful tables might be:
  AGR_DEFINE -      Role definition
  AGR_USERS -      Assignment of roles to users
  AGR_HIERT           Role menu texts
  AGR_AGRS           Roles in Composite Roles
  If you need to find user specific roles, check Tcode SUIM.
  Hope this helps.
  Thanks

• Authorization Role for S_ALR_87099918

  Hi all,
  I am not sure if this is the right place to post this one (if it is not, please tell me which one is, i have tried to search the forum, but can't seem to find the place to post about this "security" problem)
  Currently having a trouble while creating the authorization role for transaction s_alr_87099918 (primary cost planning : depreciation / interest).
  I have already maintained the authorization objects:
  -  A_A_VIEW and
  - A_PERI_BUK
  Checked with Su53, but no missing authorization object or anything
  While executing the transaction, the system said "no records were found", when i execute it with another ID, there are results. I have checked the parameter input-ed, both are already the same.
  I am wondering if anyone has ever experienced this before? 
  What can be the possible cause and the solution?
  Thank you so much
  Regards, Erwin
  Edited by: Erwin Hartono on Dec 3, 2010 9:39 AM

  Sorry, my deepest apologies, i think i found the right place to post this

• SAP Roles and Access for SAP Implementation team members

  Hi,
  Is it correct practice to give SAP_ALL role access for all SAP Implementation team members in Dev and QA?
  If not, what is the correct practice?
  Kindly let me know

  Madhu,
  It is NOT correct practice to give anyone SAP_ALL in any of the systems; not DEV, not QAS, and certainly not PRD. However, many implementation teams (and particularly consultants from SIs) insist that they cannot possibly do their jobs without it. This is completely incorrect as there are specific roles for them to use for that purpose. The only circumstance where it could be justified is if you require a special "firefighter" role - and even then, I would still be a bit doubtful.
  You should also consider that once you have given someone SAP_ALL, they will fight tooth and nail to keep it. It also means that they probably are not testing the user roles correctly. Most of those that insist they need it simply do not understand the security issues and probably don't care.
  Just think; if they have access to do soemthing that they shouldn't and then cause a big problem, are they the ones that will have to fix it or are they going to expect you to do it? If they expect you to clear up after them, then you have the right to insist on restricting their access to cause issues in the first place.
  But I know just how demanding they can be....
  Best of luck
  Tony

• Authorization Role Practice in Implementation Project

  Gurus,
  Okay, I've been implementing SAP R/3 for around 5 implementation cycles, before realizing my method for creating role may be outdated. I need your advice regarding this.
  Here's my common scenario on every implementation project in realization phase:
  1) Functional Consultants hand over their authorization matrix to me
  The matrix will be the role name to created, along with its transaction code and authorization object.
  There's also user assignment to each role.
  2) I created the role in PFCG.
  Reference, single, composite role. Anything you can build in it.
  3) Map the SAP user to appropriate role
  Now here's the interesting part.
  Users will then be given their own SAP User on UAT phase.
  When they try to do transactions, almost every time, every one of them'll stumble upon "No authorization" error.
  What I do is, check their SU53 object, add corresponding object, then let them test again whether it fixes the error.
  The authorization matrix given by consultants will not have every needed auth. objects.
  It can't be helped. You can't also just put the Full Authorization (*) to object you don't familiar with.
  How do you usually do this?
  Any helpful tools?
  Thanks for help.
  Regards,

  Hi,
  Generally role matrxi should contains every info what eve they needed to create the Role for the functional folks.
  in you case there is some missing things that is interrupting you so better you can focus on Standard SAP roles and study that roles properly before you creating any Customizatio roles.
  so that you will get an idea what are all the objects you have to use to create MM roles and also what are all the objects you have to use to create SD roles etc etc....
  so please try to read the Standard role first before creating the custmoiztion roles.
  -Srini

• What is standard authorization object for  Personal development  P_PLOG

  Hi,
  Recently i got a object in HR and i dont have any experince in HR.Could you guide me how to asssign standard authorisation object for the personal development p_plog? how to see the infotypes and what is the header field in innfotypes?

  1-First of all the object is "PLOG"  for personal planning. There’s no object with  p_plog , most of time to maintain HR master we use object P_ORGIN.
  2- You want to assign authorization for certain infotypes?
  if yes, you have to go TR.PFCG  and assign the authorization to that specific role.
  Now you might have question , how you’ll will track down the roles against the authorization object .
  There’re several ways , you can go to Tr.SUIM and find reports by user , roles etc.
  You can also go SE16-> give table AGR_1251, give object and you can see the values in table.
  After finding the suitable roles you can go to PFCG and assign the values to the roles.
  As a good practice its better to create your OWN role Z:hrXXXX and assign it to users.
  Hope this’ll give you idea!!
  <b>P.S award the points.</b>
  Good luck
  Thanks
  Saquib Khan
  "Knowledge comes but wisdom lingers!!"

• What authorization-roles for user login (java stack)

  Hello SAP-Fans ,
  which authorization role needs to be assigned to the users for logging into a java-stack on port 50.000?
  We always get the error-message: "Error 403 forbidden, You are not authorized to view the requested resource."
  I know this is a beginner's question. Java is completely new to us.
  Thanks in advance
  Danny Winn

  Hi Danny,
  Welcome to SDN,
  Logon to the portal with the user Administrator, go to User Administartion and create a user for yourself by assigning Super Admin Role.
  portal Url must be http://<host.fqdn>:50XX0/irj/portal where XX is the system number in this case 00.
  You will able to see at the user admin tab all the SAP standard roles.
  regards
  Juan
  Please reward with points if helpful

• Authorization roles for release strategy FRGSX

  Hi guys,
  we are using R/3 4.7. We are going to implement release strategy for Purchase orders in our company .
  We have customized different release groups, for several release strategies and release codes, without implementing any workflow.
  We have a problem on authorization roles because we assigned for each combination of release group and release code a authorization role but it is not sufficient to restrict the role for users because we don't take into consideration the release strategy.
  We had a look on the system but we didn't find any object related to release strategy (techical name FRGSX).
  Could you someone help me?
  Thanks in advance
  Vir

  When assigning user authorization for PO release strategy each user is assigned to release group and release code. You cannot make a connection between specific release strategy to user.
  Pay attention that the authorization needed are also for change PO (ME22N) - meaning you can limit the users by all the authorization values of the ME22N objects.
  Use t.code SU24 to explore what auth. are checked in each transaction.
  Nir

• "standard" SAP roles for Sales and Operations Planning (SAP SOP)

  Hallo,
  I´d like to ask SOP specialists, if there are any "standard" SAP roles, which could be created when SOP is implemented into the SAP system.
  If not, could you please send me advice, what is (are) the general role(s) for SOP (which SOP transactions and roles)?
  Thank you for your effort,
  Martin

  -->
  If you dont have the role --> open OSS
  if you dont find it because there are so many:
  Good luck :-)

• What are the roles in CRM implementation Project(all generic extractions)

  Hi Gurus,
  Now I am placed from a support project from BW (CRM) implementation project(all are generic extractions).
  & I am also new to implementation project.
  what are the neccessary steps to be taken when we are implementing BW for CRM.
  Gurus please clarify my doubts.
  1. what are the steps in implementation project in detail(as a developer).
  2. what are the sizes of the cubes,ODS & How to decide them.
  3. what are the neccessary steps for Master data & Transaction data.
  4.How to make the functional specifications for Infoobjects,cubes,ODS,Remote cubes,Multiproviders.
  5.can we change to delta loads to full loads if yes what happens to existing data.
  6.How flat file extraction used in the case of crm& how to do ascii format.
  7.What are the steps to be taken when we are creating Queries & Reports in BW CRM.
  It's very urgent.
  thanks = points.
  Bwcheta.

  1. what are the steps in implementation project in detail(as a developer).
  U have to basically to the techinal design after understnading the functional designs and implemnet the same( creating infoobjects, datatargets, datasources, queries etc.). Then u have to load data and do the unit testing on the same.
  2. what are the sizes of the cubes,ODS & How to decide them.
  Completely the business reqmnet and the data that the client wants to load.
  3. what are the neccessary steps for Master data & Transaction data.
  U have to understand ur master data and transaction data on the basis of whch u have create ur infoobjects and load data in them and finally in the datatarget.
  4. can we change to delta loads to full loads if yes what happens to existing data.
  Sure u can do that by choosing Full update in the infopkg. It will just load the complete data instead of changed records.
  *Hope it helps.

• Help Required in Authorization Roles for Workbooks

  Hi All,
  In our project, we have a requirement of creating a role for users with below authorizations.
  1.     Can display and execute the workbooks in the role menu.
  2.     Can create copy workbooks ( Save as) in the role menu.
  3.     Can not delete the original and the copy workbooks from role menu.
  We are using an authorization object S_RS_FOLD with u2018FALSEu2019 for restricting the user from deleting workbooks.
  We also need to add one more object S_USER_AGR (without u2018Deleteu2019 property) to give the authorization of creating copy workbooks in the role menu.
  Object S_RS_FOLD this is working fine without S_USER_AGR. But after adding S_USER_AGR (without delete property), user is again able to delete the workbooks.
  So how can we achieve both the functionalities where user can not delete the workbook but can create copy workbooks in the role menu.
  Thanks,
  Sachin

  Re: Adding report (query & workbook, templates) in roles
  Go through this thread.
  And in our Project we have created one role for accessing workbooks. in that end user can access the work book but saved one and user cannot resave or delete the work book.
  we have added Auth objects S_TCODE and S_GUI.
  in S_TCODE we have added RRMX and in S_GUI we have given 60(IMPORT) access to the users.
  So that they can just share the workbook. nothing else can be done.
  Try like this. Hope this would help you.