Authorization check in CRM ISA

Similar Messages

• Authorization check in CRM

  Hello All,
  Can some one tell me what are these fields in the IMG supposed to mean.
  1)Screen fieild1 2)Screen Field2
  Path:IMG>CA->SAP BP->BP>Basic Settings->Authorization Management
  >Maintain Authorization types.
  regards,
  Muralidhar Prasad.C

  HI
  Murali these are USer or BP Authoriasation Field settings depends up on
  role he is playing you are giving authiriazations to USers for Ex Sales manger is having diffrent authorizations , marketimng manager , Etc whther he i s key or core
  so you are setting the Set of fields for them set of fields are called segments , 2 or more than that segment will become one screen for the Bp or user, I think you are clear now, Reward points
  Cheers
  Venkat mallela

• Authorization Check in Business Transactions in CRM 2007

  Hi everybody, I have a problem whit the authorization check in CRM 2007.
  This link help me to follow the steps
  http://help.sap.com/saphelp_crm60/helpdata/en/e9/b29a39e7aee372e10000000a11
  I follow this steps:
  1.- Created a new single role on the PFCG
  2.- On the Menu tab add the transaction BSP_CRMD_BUS2000108 (Trax for LEADS)
  3.- On the authorization tab create a new profile and in the authorization data set the values for CRM_ORD_OP: PARTN_FCT ‘00000012’, PARTN_FCTT ‘*’, ACTVT ‚'02,03’
  4.- Generate the authorization.
  5.- Set my user "TESTUSER" on the user tab
  6.- Save the profile
  Then, I login to CRM whit TESTUSER and I see all the leads.  I miss something, what could be the problem ?
  Thanks for your help

  Hi Shaji, Pankaj and Jushan, thanks four your answers.
  I still have the same problem, I want to see only my leads that I´am the responsible, after I generated the authorization and assign the role to my user from tcode PFCG and SU01, I logout and login again and no changes, I still see all the leads.
  Another test I made, I changed the authorization data and set the values for CRM_ORD_OP: PARTN_FCT ‘’, PARTN_FCTT ‘0008’, ACTVT ‚'’   (person responsible)  and the results was the same, see all the leads.
  How works the User Comparisons and how can I check for errors in my pfcg role ?
  Thanks for your help.

• CRM - Process Flow of Authorization Check in Business Transactions

  Hello Folks:
  I have implemented CRM security using Process Flow of Authorization Check in Business Transactions.
  What I have in place:
  CRM_ORD_OP (inactive, don't want access to own documents)
  CRM_ORD_LP (inactive, not using standard org level values Distribution Channel, Sales Group, Sales Office, Sales Organization, and Service Organization.)
  CRM_ACT (active)
  CRM_CMP (active)
  CRM_ORD_OE (active, restricted to display with dummy value ' ' for Distribution Channel
  Sales Group, Sales Office, Sales Organization and Service Organization, as we are not restricting on them)
  CRM_ORD_PR (active and restricted to display)
  Issue:
  Restrictions to display for documents works fine when using CRM backend system and the system throws out a message that you are not authorized to change. But, when i come in through Portals (PCUI), i dont get the display at all and it throws out a message insufficient access authorizations.
  Traces on backend CRM reveal failing on change access for CRM_ORD_LP and CRM_ORD_PR, which we dont want to give out b/c we dont want to provide change for documents.
  OSS notes to SAP have resulted in no results....please advise what is wrong here.
  Thanks
  KT

  Thanks for the Priyanka for the reply, but what you mention is not correct.
  BSP errors are different from what I am refering to.
  The issue is still open...and looks like a SAP bug, which even they havent been able to fix so far.
  Regards,
  KT

• Question regarding Authorizations in SAP CRM 7.0

  Hello,
  The problem is this:
  We have a client who will use two ways of accessing SAP CRM 7.0 data -
  1. CRM Web UI
  2. Mobile devices via standard SAP CRM BAPIs
  Now the situation is that the client wishes to control display authorizations based on the Business Role. Certain Business Roles can allow its User to see Accounts where the User is also Employee Responsible and certain other Business Roles can allow its User to see all those Accounts that are associated with that Role. In summary Business Roles control what an User can see.
  This has already been implemented for the CRM Web UI using the Access Control Engine (ACE).
  Now the questions are:
  1. How do we implement this for BAPI Access?
  2. Should we recreate what has been achieved by ACE, via PFCG Authorization Profiles?
  3. Can we not reuse what has been done by ACE?
  4. What are the runtime APIs that allow somebody to use the authorization checks of ACE?
  5. Does the standard Function Module CRM_ORDER_CHECK_AUTHORITY_ACE help in this regard?
  Any help here will be greatly appreciated. Please let me know if you need any clarifications.
  Thanks in advance.
  Best regards,
  Sudhi

  Hello,
  Normally, some notes are recommended in addition to the current support package implementation because they were developed to solve any known issues. These known issues occurred as side effect of any note which belongs to the implemented support package.
  If you take a look at older release notes, you will see the same.
  This is a part of implementation stack.
  1345085  SAP SRM 7.0 SP Stack 04 (09/2009):Release & Information Note 
  1365574  SAP SRM 7.0 SP Stack 05 (12/2009):Release & Information Note   
  1436687  SAP SRM 7.0 SP Stack 06 (03/2010):Release & Information Note 
  Kind regards,
  Ricardo

• How can I add a custom attribute to a catalog area? (CRM Isa Sales)

  Gents,
  How can I add a custom attribute to a catalog area? (CRM Isa Sales)
  Actually I would like to use the Catalog Area Type (maintained in trx COMM_PCAT_ADM on Catalog Area Header level). This field doesn't seem to be available in J2EE webshop. (The field documentation says it is for documentation purposes only so I don't expect it to be transferred).
  As this field is not readily available, I would like to add is as an attribute to the Catalog Area. BADI's PCAT_IMS_FEED_ATT and PCAT_IMS_FEED_VAL seem to indicate that it should be possible to add additional fields not only on product level, but also on Area level:
  Example implementation code:
  method IF_EX_PCAT_IMS_FEED_ATT~READ_NEW_FIELDS.
  * Example, how to add new attributes to a indexcategory
  * Possible levels are 'C'ategory and 'P'roduct.
  * Field 'VALUE' carries the attributetype ('S'tring, 'I'ntegar or
  * 'F'loat)
  * Structure 'IS_OBJECTS' carries actuall identifiers
    data: ls_fields        type comt_pcat_ims_feed_ux.
    case iv_level.
      when 'C'.                        "Category Level
  *     no new field
      when 'P'.                        "Product Level
        ls_fields-field = 'CUSTOMER_EXIT_FIELD'.
        ls_Fields-value = 'S'.
        append ls_fields to ct_fields.
  *     exproduct fields
        ls_fields-field = 'REMAN_ABL'.
        APPEND ls_fields TO ct_fields.
        ls_fields-field = 'EXCH_BUS'.
        APPEND ls_fields TO ct_fields.
    endcase.
  endmethod.
  However, when I create an implementation and add some code in the when 'C' part, the attributes do not seem to get transferred. (I've checked in the debug mode of the developer studio).
  - My example code:
  METHOD if_ex_pcat_ims_feed_att~read_new_fields.
  * Possible levels are 'C'ategory and 'P'roduct.
  * Field 'VALUE' contains the attributetype
  * ('S'tring, 'I'ntegar or * 'F'loat)
    DATA:
    ls_fields LIKE LINE OF ct_fields.
    CASE iv_level.
      WHEN 'C'.                        "Category Level
        ls_fields-value = 'S'.
        ls_fields-field = 'ZTEST'.
         APPEND ls_fields TO ct_fields.
      WHEN 'P'.                        "Product Level
    ENDCASE.
  ENDMETHOD.
  and:
  METHOD if_ex_pcat_ims_feed_val~read_new_fields.
    CASE iv_level.
      WHEN 'C'.
       ls_fields-field = 'ZTEST'.
       ls_Fields-value = 'Value 1'.
       append ls_fields to ct_fields.
      WHEN 'P'.
    ENDCASE.
  ENDMETHOD.
  In the ABAP debugger, I can see that my code is touched during initial and delta replications, however, after replication, the fields do not show up in the Java debugger.
  Any ideas?
  regards,
  Wilco Menge

  Hi,
  How can I customize the /bin/wcmcommand or how can I make use of [2] to create a custom WCMCommand?
  I think the "formUrl" is to post those input value to the jcr repository?
  var createDialog = {
          "jcr:primaryType": "cq:Dialog",
          "id": CQ.Util.createId("cq-createdialog"),
          "title":CQ.I18n.getMessage("Create Page"),
          "formUrl": CQ.shared.HTTP.externalize("/bin/wcmcommand"),
          "params": {
              "cmd":"createPage",
              "_charset_":"utf-8"
  I have added a field called "starred"
  Moreover, when I using the firebug to trace the post command, I can see that the starred value is posted also.
  :status
  browser
  _charset_
  utf-8
  cmd
  createPage
  label
  b
  parentPath
  /content/keyword_elaboration
  starred
  c
  template
  /libs/collab/commons/templates/form
  title
  a
  Source
  cmd=createPage&_charset_=utf-8&%3Astatus=browser&parentPath=%2Fcontent%2Fkeyword_elaboration&title=a&label=b&starred=c&template=%2Flibs%2Fcollab%2Fcommons%2Ftemplates%2Fform
  However, when I go to the crxde to view the node's attribute, the properity starred is not created
  Are there anything I did wrong or missing?
  Thanks.
  Message was edited by: aslkit

• HR strutural Authorization check in the Lean order Interface (LORD)

  Hi ,
  We place Quotations , Orders in CRM 7.0 , via the Lean order Interface Screen (LORD) . So users in ECC have HR structural authorization and they seems to the checked ( for the HR# part of the Sales Team , and comming accross as partner function in the Quotations , Orders documents )
  Can we avoid the HR structural Authorization check in the Lean order Interface ?

  Dear Christophe,
  I do not understand the requirement...you create ERP orders via CRM interface, and you have set up authorization in ERP for the users. Why do you want to prevent the authority check when coming from CRM when it is needed ?
  However please consider note 1446253 quesiton 9.
  You might activate or deactivate the "current user" flag in sm59 for your ERP system.
  Hope this information helps...
  Regards
  Rene

• Sales Document initial load Authorization check.

  Hi Guys,
  I am trying to do an initial download of all the Sales Documents from R/3 to CRM but I get the error "An authorization check could not be executed".
  SU53 is not showing any authorization failure for the corresponding user.
  Thanks in advance,
  Regards,
  Siva.

  Hi Siva,
  As SU53 is not showing you anything, means there could be problem with rights of RFC user.
  Check if your RFC user have all the required rights.
  Best Regards,
  Pratik Patel
  Reward with points if it is of any help to you!

• How & where to get Javadoc for CRM ISA 5.0?

  Hi, SDN Fellows.
  I read a forum blog, knowing that to get the javadocs of CRM ISA applications, I should perform this step: when building the internet-sales-ear-file, the sources are included as zip-file within the ear-file. after unzipping the sources you can generate javadocs on your own.
  In fact, what I really want is the Javadocs for the standard delivered CRM package, i.e. the default BOM, BaseAction classes (com.sap.isa.core.InitAction, com.sap.isa.core.BaseAction, com.sapmarkets.isa.isacore.action.EComBaseAction, com.sap.isa.isacore.action.IsaCoreBaseAction, com.sap.isa.core.UserSessionData), jsp, UILayout tags, message classes, and config-file javadocs.
  Can anyone point me where I can get this?
  Thanks,
  Kent

  Hi Kent,
  If you have the Java Component of ISA, then you can extract the javadoc which is supplied in it.
  Please check whether you have the SAPSHRJAV<version>.sca, if not download it from SAP Market Place.
  You need to open this software component using Winzip and inside it you will another zip file by name, "crmshrjavadoc.zip"
  When you open it you'll see a javadoc.ppa file  rename it to javadoc.zip and extract it within a folder.
  In the extracted folder you'll find all the required Javadocs along with API's and Interfaces.
  Hope you'll find the required documents inside it.
  Regards,
  Prashil

• BSP Authorization Check

  Hello,
  We are implementing CRM 5.0 and we are using BSP for opoprtunity management.
  We need to implement quite complex authorization rules. We have found the standard authorization object for the Opportunity Management as well as the authorization object for the BSP application.
  Unfortunately the parameters that are checked in standard does not meet our requirements we need to check more things before granting access to the user.
  Please advise if we should enhance authorization object and create new fields or there is also another way for authorization check in BSPs.
  Thanks in advance,
  Julia

  Hello, Gregor and Tiest.
  Thanks to both of you for the answer.
  I have read the blog and I analyzed the customizing activities that you recommended.
  Unfortunately, this functionality does not fit our requirements.
  To make the problem more clear I will give more explanations:
  - We are working with Opportunity Management application (crmd_bus2000111)
  - We have enhanced the standard opportunity view by adding new tabs.
  - These tabs are called by custom classes and are using custom structures.
  - We have defined the roles using standard authorization objects. They influence the standard tabs even with custom fields, however there is no influence on custom tabs.
  - Ex. We need to create the role for the viewer, who can only display the opportunity. When we enter the application with the user to which this role is assigned the user can see everything in display mode except for the custom tabs which are still allowed for changes.
  Do you know if it is possible to create an authorization object that can be used to handle the custom tabs?
  Will it be enough to create an object and assign it to the transaction or do we need to enhance also the classes to refer to this custom ocject?
  Thanks for help,
  Julia

• DTR Conflict while upgrading CRM ISA 5.0 to SP19 - Missing stylesheet

  Hi All,
  I am working on CRM ISA 5.0 upgrade from SP11 to SP19 in a new track. I have resolved all conflicts except one file stylesheet_ff.css.
  It was present in earlier SP version in this path - DCs/sap.com/crm/tc/web/appbase/_comp/src/packages/mimes/stylesheet_ff.css.
  As it not present in the SP19 components now, I am not able to resolve it.
  After we saw that application was working fine in Development system, we thought of sending everything to Quality environment. Basis people were able to consolidate all changes but got errors while trying to assemble all components.
  Here is the log of failed assembly of SHRWEB component -
  20120117091052 Info   :Starting Step Check-assembly at 2012-01-17 09:10:52.0885 -6:00
  20120117091053 Info   :Checks for software component sap.com,CUSTCRMPRJ are performed now:
  20120117091053 Info   :Checks for software component sap.com,CUSTCRMPRJ finished succesfully
  20120117091053 Info   :Checks for software component sap.com,SAP-CRMAPP are performed now:
  20120117091053 Info   :Checks for software component sap.com,SAP-CRMAPP finished succesfully
  20120117091053 Info   :Checks for software component sap.com,SAP-CRMDIC are performed now:
  20120117091053 Info   :Checks for software component sap.com,SAP-CRMDIC finished succesfully
  20120117091053 Info   :Checks for software component sap.com,SAP-CRMWEB are performed now:
  20120117091053 Info   :Checks for software component sap.com,SAP-CRMWEB finished succesfully
  20120117091053 Info   :Checks for software component sap.com,SAP-SHRAPP are performed now:
  20120117091053 Info   :Checks for software component sap.com,SAP-SHRAPP finished succesfully
  20120117091053 Info   :Checks for software component sap.com,SAP-SHRWEB are performed now:
  20120117091053 Info   :1DTR conflicts
  20120117091053 Fatal  :There are unresolved collisions, stopping export now
  20120117091053 Info   :Checks for software component sap.com,SAP-SHRWEB finished succesfully
  20120117091053 Info   :Step Check-assembly ended with result 'fatal error' ,stopping execution at 2012-01-17 09:10:53.0635 -6:00
  We are getting similar errors in every other component. For example, I am listing the log which we got for SHRAPP component here-
  20120117091052 Info   :Starting Step Check-assembly at 2012-01-17 09:10:52.0885 -6:00
  20120117091053 Info   :Checks for software component sap.com,CUSTCRMPRJ are performed now:
  20120117091053 Info   :Checks for software component sap.com,CUSTCRMPRJ finished succesfully
  20120117091053 Info   :Checks for software component sap.com,SAP-CRMAPP are performed now:
  20120117091053 Info   :Checks for software component sap.com,SAP-CRMAPP finished succesfully
  20120117091053 Info   :Checks for software component sap.com,SAP-CRMDIC are performed now:
  20120117091053 Info   :Checks for software component sap.com,SAP-CRMDIC finished succesfully
  20120117091053 Info   :Checks for software component sap.com,SAP-CRMWEB are performed now:
  20120117091053 Info   :Checks for software component sap.com,SAP-CRMWEB finished succesfully
  20120117091053 Info   :Checks for software component sap.com,SAP-SHRAPP are performed now:
  20120117091053 Info   :Checks for software component sap.com,SAP-SHRAPP finished succesfully
  20120117091053 Info   :Checks for software component sap.com,SAP-SHRWEB are performed now:
  20120117091053 Info   :1DTR conflicts
  20120117091053 Fatal  :There are unresolved collisions, stopping export now
  20120117091053 Info   :Checks for software component sap.com,SAP-SHRWEB finished succesfully
  20120117091053 Info   :Step Check-assembly ended with result 'fatal error' ,stopping execution at 2012-01-17 09:10:53.0635 -6:00
  In order to resolve this conflict, I created stylesheet_ff.css file at path crm/tc/web/appbase/_comp/src/packages/mimes/stylesheet_ff.css. It didn't resolve our issue because for newly created stylesheet_ff.css file's current version is the first version. Hence I am not able to see any conflict in its version graph from NWDS.
  I have raised an SAP OSS message asking why was this stylesheet remove and got a response as mentioned here
  The reason for this is the changed CSS determination to support more
  browsers (see also note 881967). How the CSS determination works now is
  described in note 1427396.
  In general the content of stylesheet_ff.css has been moved to
  base_stylesheet.css. It is the base for all browsers, because at the
  time of the change, Firefox was the only big browser really adhared to
  the W3C standard.
  All other style sheets are only the delta. They are included after the
  base_stylesheet and the entries in the delta style sheet are overwritingthe entries in the base_stylesheet. This is also the reason why the ie9
  style sheet is so small.
  I can understand SAP's response, however because of this unresolved conflict we are facing issues in assembly.
  Please help.
  Thanks in advance.
  Amol Joshi

  Dear Amol,
  I suggest to proceed with this in the SAP ticket, Iwan will assist you in anything.
  In case you have difficulties please post your questions in the SAP ticket.
  I am closing this thread.
  Thank you and Best Regards,
  Ervin

• CRM - ISA customization

  Hi
  I am new to this CRM- Internet Sales Application.  My client requiremnt is to modify the existing ISA Application.  Client installed NWDI-NWDS successfully.  They have created the track in the NWDI and imported into the NWDS.
  Here , I am not understand how can we figure-out which component we need to modify for the customization.
  For example , which java file , par file ...
  If anybody having idea on the CRM-ISA applications please share it with me.
  Sure.. points will be rewareded
  Thanks
  Ravi

  Hi Fredrik,
  the configuration files are kept outside of the application folder and even after upgrading it the configuration will not get lost - that is the main idea behind the XCM tool.
  If you deploy a new ear (or even the already deploy one) you have two possible answer:
  - re-configure the new application
  - or use the old configuration
  To reconfigure the application you can just start the XCM took and proceed as you did with the first application.
  If you want to use the same (old) configuration you can just change one line in the WEB.XML file of the new one and the new application will be pointed to use the configuration files of the old one. I hope that this was lear enough.
  In other words, after you deploy the first application a new folder will be created and this folder will contain three XML files with all the application configuration: please check the following path <j2ee instance>sys/global/xcm/crm.b2b in case you deploy the standard b2b application.
  If you deploy the next application (named b2b_fredrik) another folder will be generated: sys/global/xcm/crm.fredrik - this folder will contain the configuration of the newly deployed application. But as I said if you want to use the old b2b configuration please open the web.xml file of both application and check how are these sys/global/xcm paths maintained - just make sure that the customer.* parameter contains the same path as in the B2B web.xml.
  After you restart the application you can use it.
  cheers
  Borislav

• Regarding jar file checkin in CRM ISA 6.0

  Hi,
  I want to checkin some java files in CRM ISA using NWDI but these java classes have dependency on some third party jars which i need to checkin as well.
  I am unable to find the location where i can checkin the jar files so that these files can be compiled and build without any error.
  Please reply ASAP.

  1) create an Extneral library DC
  2) import the JARs to the libraries folder of the External Library DC project
  3) Right-click on each of the JARs imported to the project and add them to the public part.
  This DC is now ready to be used as a build-time reference that will allow CBS to build the DC that will use the external libraries. Next, we have to create a new DC to hold the class files here are the steps:
  1) Create a new DC
  2) Create a new public part, selecting the "Can be packaged into other build results" option
  3) Rename the JARs as Zip files and extrct the full content (folders and class files) to your root folder
  4) Import the folders and files to the src/packages folder
  5) Expand the public part node that was created and select the "Entities" node, right-click it and choose Edit
  6) In the Entity Type list select the "Folder" option then in the selected entities tree pick each of the folders that you imported in step 5 (above)
  7) Now do a DC build and a DC deploy of the project
  Then check-in, activate, and release any activities you have associated with creating these two projects. In the DC perspective, refresh the Active DCs and Inactive DCs to ensure that both new DCs appear in the Active list. Now we have to setup the references to these DCs in our main Web Dynpro application. To do this, follow these steps:
  1) Open the respective perspective and right click the Used DCs node then choose "Add Used DC.."
  2) Pick the public part of the External Library DC that we created (first) and set it to have a Build Time dependency
  3) Again, right click the Used DCs node and choose "Add Used DC.." then choose the public part of the DC that we created to hold the classes  and give it a Run Time dependecy (weak) and click finish.
  4) Now, due to what I think is a bug. You must right click on the Web Dynpro "used DC" that you just added in the previous step, and set the run time dependency again (it seems to revert to the default values for some reason)
  5) Now do a DC build and a DC deploy on the "main" DC application.
  6) Check-in, activate, and release any activities associated with adding these references and then others on your team may use the classes in the external libraries within the Web Dynpro project.
  I think this will work this is working perfectly for webdynpr DC's
  Thanks and Regards
  shanto aloor

• Issues with Analysis Authorization checks in APO

  Hi Friends,
  I am facing an issue with Analysis authorization checks in APO.
  We have setup user access based on Management Entity (Analysis authorization - AGMMGTENT and 0TCAACTVT) and core APO authorizations (based on the work profile - e.g: Demand Planner).
  Scenario: Consider User A has access to India and Australia Management Entities with 0TCAACTVT - *
  This user also has display access to all management Entities (AGMMGTENT - * and 0TCAACTVT - 03). This scenario works very well in Quality where the RSECADMIN trace shows check on both Characteristics. However in Production the RSECADMIN trace shows up only against AGMMGTENT (*) and by default takes 0TCAACTVT as (*).
  In Quality the Characteristics that get checked are as below : and it works as expected. Display access for Management Entities that are supposed to be displayed only and change access to only the Management Entities that it should.
  However the Trace for Production shows the following : As a result it is allowing the user to change access to all management Entities. Which is not desirable..
  Resultant trace results are as below: This should not happen..
  I have compared all Analysis Authorizations and it is same across both Instances. The Demand planner access is consistent too..
  Will it be possible for you to advise on what could I be missing.

  Hi All,
  If it helps, in Quality: the Authorization checks are listed as: Subselection (Technical SUBNR) 1
  while in Production it checks Subselection (Technical SUBNR) 1 in one place, however where it fails - the check happens as Subselection (Technical SUBNR) 0.
  Is there a way we can change this to SUBNR 1. Is there any table entry that I can look at to check if the Authorization check is functioning incorrectly..
  Please advise.. Thanks..
  Regards,
  Prakash

• Turn on Credit Check in CRM 5.0

  Hello friends,
  I need to active credit check in CRM 5.
  I followed SAP HELP, and configured just
  "Customer Relationship Management,  CRM Middleware and Related Components, Communication Setup, Define Middleware Parameters"  and I defined the parameters as follow:
  key: CRMCREDCHE,  parname: CRMCREDCHE, rfcdest: ZLT100
  In sales order clicking on credit check button didn't anything happened. No Status change, no error message, nothing.
  Removing this parameters and clicking on credit check button the system show message that RFC destination is missing.
  In ECC system credit check is working OK.
  Do I need additional configuration in CRM to credit checks work ?
  Very thanks for your help, and any help will be rewarded
  Lalas

  Hi Praveen Rangineni 
  We gave up to use standard credit check because didnu2019t work.
  We created a abap program with rfc connection to ECC to do the credit check.
  Details to construct this abap program we got here at SDN, unfortunately I donu2019t have the link to the message, and I not working for the same company, so I donu2019t have access to the program.
  Sorry, I canu2019t help you more.
  Lalas