Authorization check in CRM

Hello All,
Can some one tell me what are these fields in the IMG supposed to mean.
1)Screen fieild1 2)Screen Field2
Path:IMG>CA->SAP BP->BP>Basic Settings->Authorization Management
>Maintain Authorization types.
regards,
Muralidhar Prasad.C

HI
Murali these are USer or BP Authoriasation Field settings depends up on
role he is playing you are giving authiriazations to USers for Ex Sales manger is having diffrent authorizations , marketimng manager , Etc whther he i s key or core
so you are setting the Set of fields for them set of fields are called segments , 2 or more than that segment will become one screen for the Bp or user, I think you are clear now, Reward points
Cheers
Venkat mallela

Similar Messages

  • Authorization check in CRM ISA

    Dear All,
    I need some small help.
    We have SAP CRM ISA MSA 5.0 SP8. We need to create some roles for the end users who access the system via the CRM Webshop. But we are not able to trace what authorization a user requires or lack. Like when I give a role which doest not contain the required object, few functions in the CRM webshop does not work. But we are unable to trace it, do we have something similar to su53 or a a trace (st01/st05). I tried actiavating the trace, but it does not work.
    How do I know which object is checked/missing when user clicks something in a webshop?
    Please help me in this.
    Will surely reward points if I find anything which helps me.
    Thanks.
    Rajeet

    Hi Rajeet,
    The following links would help you to some extent.
    http://help.sap.com/saphelp_nw70/helpdata/en/03/37dc4c25e4344db2935f0d502af295/frameset.htm
    http://help.sap.com/saphelp_nw70/helpdata/en/43/3ab19fa272376de10000000a422035/frameset.htm
    Cheers
    Soma

  • Authorization Check in Business Transactions in CRM 2007

    Hi everybody, I have a problem whit the authorization check in CRM 2007.
    This link help me to follow the steps
    http://help.sap.com/saphelp_crm60/helpdata/en/e9/b29a39e7aee372e10000000a11
    I follow this steps:
    1.- Created a new single role on the PFCG
    2.- On the Menu tab add the transaction BSP_CRMD_BUS2000108 (Trax for LEADS)
    3.- On the authorization tab create a new profile and in the authorization data set the values for CRM_ORD_OP: PARTN_FCT ‘00000012’, PARTN_FCTT ‘*’, ACTVT ‚'02,03’
    4.- Generate the authorization.
    5.- Set my user "TESTUSER" on the user tab
    6.- Save the profile
    Then, I login to CRM whit TESTUSER and I see all the leads.  I miss something, what could be the problem ?
    Thanks for your help

    Hi Shaji, Pankaj and Jushan, thanks four your answers.
    I still have the same problem, I want to see only my leads that I´am the responsible, after I generated the authorization and assign the role to my user from tcode PFCG and SU01, I logout and login again and no changes, I still see all the leads.
    Another test I made, I changed the authorization data and set the values for CRM_ORD_OP: PARTN_FCT ‘’, PARTN_FCTT ‘0008’, ACTVT ‚'’   (person responsible)  and the results was the same, see all the leads.
    How works the User Comparisons and how can I check for errors in my pfcg role ?
    Thanks for your help.

  • CRM - Process Flow of Authorization Check in Business Transactions

    Hello Folks:
    I have implemented CRM security using Process Flow of Authorization Check in Business Transactions.
    What I have in place:
    CRM_ORD_OP (inactive, don't want access to own documents)
    CRM_ORD_LP (inactive, not using standard org level values Distribution Channel, Sales Group, Sales Office, Sales Organization, and Service Organization.)
    CRM_ACT (active)
    CRM_CMP (active)
    CRM_ORD_OE (active, restricted to display with dummy value ' ' for Distribution Channel
    Sales Group, Sales Office, Sales Organization and Service Organization, as we are not restricting on them)
    CRM_ORD_PR (active and restricted to display)
    Issue:
    Restrictions to display for documents works fine when using CRM backend system and the system throws out a message that you are not authorized to change. But, when i come in through Portals (PCUI), i dont get the display at all and it throws out a message insufficient access authorizations.
    Traces on backend CRM reveal failing on change access for CRM_ORD_LP and CRM_ORD_PR, which we dont want to give out b/c we dont want to provide change for documents.
    OSS notes to SAP have resulted in no results....please advise what is wrong here.
    Thanks
    KT

    Thanks for the Priyanka for the reply, but what you mention is not correct.
    BSP errors are different from what I am refering to.
    The issue is still open...and looks like a SAP bug, which even they havent been able to fix so far.
    Regards,
    KT

  • Question regarding Authorizations in SAP CRM 7.0

    Hello,
    The problem is this:
    We have a client who will use two ways of accessing SAP CRM 7.0 data -
    1. CRM Web UI
    2. Mobile devices via standard SAP CRM BAPIs
    Now the situation is that the client wishes to control display authorizations based on the Business Role. Certain Business Roles can allow its User to see Accounts where the User is also Employee Responsible and certain other Business Roles can allow its User to see all those Accounts that are associated with that Role. In summary Business Roles control what an User can see.
    This has already been implemented for the CRM Web UI using the Access Control Engine (ACE).
    Now the questions are:
    1. How do we implement this for BAPI Access?
    2. Should we recreate what has been achieved by ACE, via PFCG Authorization Profiles?
    3. Can we not reuse what has been done by ACE?
    4. What are the runtime APIs that allow somebody to use the authorization checks of ACE?
    5. Does the standard Function Module CRM_ORDER_CHECK_AUTHORITY_ACE help in this regard?
    Any help here will be greatly appreciated. Please let me know if you need any clarifications.
    Thanks in advance.
    Best regards,
    Sudhi

    Hello,
    Normally, some notes are recommended in addition to the current support package implementation because they were developed to solve any known issues. These known issues occurred as side effect of any note which belongs to the implemented support package.
    If you take a look at older release notes, you will see the same.
    This is a part of implementation stack.
    1345085  SAP SRM 7.0 SP Stack 04 (09/2009):Release & Information Note 
    1365574  SAP SRM 7.0 SP Stack 05 (12/2009):Release & Information Note   
    1436687  SAP SRM 7.0 SP Stack 06 (03/2010):Release & Information Note 
    Kind regards,
    Ricardo

  • HR strutural Authorization check in the Lean order Interface (LORD)

    Hi ,
    We place Quotations , Orders in CRM 7.0 , via the Lean order Interface Screen (LORD) . So users in ECC have HR structural authorization and they seems to the checked ( for the HR# part of the Sales Team , and comming accross as partner function in the Quotations , Orders documents )
    Can we avoid the HR structural Authorization check in the Lean order Interface ?

    Dear Christophe,
    I do not understand the requirement...you create ERP orders via CRM interface, and you have set up authorization in ERP for the users. Why do you want to prevent the authority check when coming from CRM when it is needed ?
    However please consider note 1446253 quesiton 9.
    You might activate or deactivate the "current user" flag in sm59 for your ERP system.
    Hope this information helps...
    Regards
    Rene

  • Sales Document initial load Authorization check.

    Hi Guys,
    I am trying to do an initial download of all the Sales Documents from R/3 to CRM but I get the error "An authorization check could not be executed".
    SU53 is not showing any authorization failure for the corresponding user.
    Thanks in advance,
    Regards,
    Siva.

    Hi Siva,
    As SU53 is not showing you anything, means there could be problem with rights of RFC user.
    Check if your RFC user have all the required rights.
    Best Regards,
    Pratik Patel
    Reward with points if it is of any help to you!

  • BSP Authorization Check

    Hello,
    We are implementing CRM 5.0 and we are using BSP for opoprtunity management.
    We need to implement quite complex authorization rules. We have found the standard authorization object for the Opportunity Management as well as the authorization object for the BSP application.
    Unfortunately the parameters that are checked in standard does not meet our requirements we need to check more things before granting access to the user.
    Please advise if we should enhance authorization object and create new fields or there is also another way for authorization check in BSPs.
    Thanks in advance,
    Julia

    Hello, Gregor and Tiest.
    Thanks to both of you for the answer.
    I have read the blog and I analyzed the customizing activities that you recommended.
    Unfortunately, this functionality does not fit our requirements.
    To make the problem more clear I will give more explanations:
    - We are working with Opportunity Management application (crmd_bus2000111)
    - We have enhanced the standard opportunity view by adding new tabs.
    - These tabs are called by custom classes and are using custom structures.
    - We have defined the roles using standard authorization objects. They influence the standard tabs even with custom fields, however there is no influence on custom tabs.
    - Ex. We need to create the role for the viewer, who can only display the opportunity. When we enter the application with the user to which this role is assigned the user can see everything in display mode except for the custom tabs which are still allowed for changes.
    Do you know if it is possible to create an authorization object that can be used to handle the custom tabs?
    Will it be enough to create an object and assign it to the transaction or do we need to enhance also the classes to refer to this custom ocject?
    Thanks for help,
    Julia

  • Issues with Analysis Authorization checks in APO

    Hi Friends,
    I am facing an issue with Analysis authorization checks in APO.
    We have setup user access based on Management Entity (Analysis authorization - AGMMGTENT and 0TCAACTVT) and core APO authorizations (based on the work profile - e.g: Demand Planner).
    Scenario: Consider User A has access to India and Australia Management Entities with 0TCAACTVT - *
    This user also has display access to all management Entities (AGMMGTENT - * and 0TCAACTVT - 03). This scenario works very well in Quality where the RSECADMIN trace shows check on both Characteristics. However in Production the RSECADMIN trace shows up only against AGMMGTENT (*) and by default takes 0TCAACTVT as (*).
    In Quality the Characteristics that get checked are as below : and it works as expected. Display access for Management Entities that are supposed to be displayed only and change access to only the Management Entities that it should.
    However the Trace for Production shows the following : As a result it is allowing the user to change access to all management Entities. Which is not desirable..
    Resultant trace results are as below: This should not happen..
    I have compared all Analysis Authorizations and it is same across both Instances. The Demand planner access is consistent too..
    Will it be possible for you to advise on what could I be missing.

    Hi All,
    If it helps, in Quality: the Authorization checks are listed as: Subselection (Technical SUBNR) 1
    while in Production it checks Subselection (Technical SUBNR) 1 in one place, however where it fails - the check happens as Subselection (Technical SUBNR) 0.
    Is there a way we can change this to SUBNR 1. Is there any table entry that I can look at to check if the Authorization check is functioning incorrectly..
    Please advise.. Thanks..
    Regards,
    Prakash

  • Turn on Credit Check in CRM 5.0

    Hello friends,
    I need to active credit check in CRM 5.
    I followed SAP HELP, and configured just
    "Customer Relationship Management,  CRM Middleware and Related Components, Communication Setup, Define Middleware Parameters"  and I defined the parameters as follow:
    key: CRMCREDCHE,  parname: CRMCREDCHE, rfcdest: ZLT100
    In sales order clicking on credit check button didn't anything happened. No Status change, no error message, nothing.
    Removing this parameters and clicking on credit check button the system show message that RFC destination is missing.
    In ECC system credit check is working OK.
    Do I need additional configuration in CRM to credit checks work ?
    Very thanks for your help, and any help will be rewarded
    Lalas

    Hi Praveen Rangineni 
    We gave up to use standard credit check because didnu2019t work.
    We created a abap program with rfc connection to ECC to do the credit check.
    Details to construct this abap program we got here at SDN, unfortunately I donu2019t have the link to the message, and I not working for the same company, so I donu2019t have access to the program.
    Sorry, I canu2019t help you more.
    Lalas

  • HR ABAP Custom Authorization Check

    Hi all,
    We know that Implicit authorization check is carried out. The system determines whether the user has the authorizations required for the organizational features of the employees selected with
    GET PERNR.
        I have a question, if we create a custom authorization then, whether this custom authorization is checked or not.
    Thanks in Advance.

    There is no difference in the coding of the check, which as RJ has stated needs to be somewhere at the correct coding location... otherwise it is going no where.
    Some special differences are:
    - The object class of the custom object in SU21 => Authorization objects in HR cannot be deactived context specifically in SU24. You can create custom objects within SAP classes.
    - Depending on the transport type of your system, you will have to maintain transaction SU24 with a check indicator for the object - so make in known that the transaction has the capability to check the object. This does not affect "customer" systems, but is still a very good practice for the same reason that SAP forces it in their own development systems.
    - Additional object checks in SE93 (which are typically "plausibility" checks) are not subject to this restraint. The check is always there, and your ability to bypass it is limited if you check the tcode authority of the caller at initialization of the (called) coding context. CALL TRANSACTION will skip this check, unless the called transaction is sy-tcode already (as it is in variant transactions... which urban legends claim to be secured to use for CALL TRANSACTION).
    This concept is to a large extent influenced by SAP's own development guidelines and "settings" - but it is advisable to understand them and the intended authorization concept - to be able to create consistent customer implementations of SAP products.
    Of course there are exceptions to the rules... but they generally cause problems and sooner or later need to be corrected as well when the auditors get hold of them....
    Cheers,
    Julius
    Edited by: Julius Bussche on Apr 27, 2009 9:03 PM

  • Authorization check in LDB PNP

    Hi All,
    I am using logical database PNP in my report program and GET PERNR to fill the infotype tables. Infotype level authorization checks are performed but not Org data level (organizational assignments). The role assigned to me has access to data of specific personnel areas but I am able to retrieve data of all personnel areas (this was maintained in the authorization object P_ORGIN).
    I read the level of simplification should have a value 1 in the authorization object P_ABAP for Org Level authorizations to be performed. I have updated my role but still org level authorizations are not performed.
    Can you please let me know if  any special setting are to be done like in Tcode OOAC or set some flags/parameters in the report program to perform org data level authorization.
    Any information provided will be really helpful.
    Thanks,
    Pavan

    Hi,
    A separate ID was created in an environment similar to production and proper authorization were assigned to it (I mean roles with authorization objcts P_ABAP - level of simplfication 1 and P_ORGIN - restricting based on personnel area). Still Org level authorizations were not performed while using the LDB PNP. Is there anything I am missing?
    Thanks,
    Pavan

  • Authorization checks for PNP LDB

    question    : how to validate authorization checks for pnp logical database?
    2 nd question: hr report
    this report is basically for salary survey. in this i had so many fields can any body let me know how
    can i form the internal tables. and i have to display overall 150 fields in csv file for that
    how can i take in to the final internal table.
    what is the logic behind this:
    T71JPR09-JOBCODE
    PA0000-PERNR
    HRP1000-STEXT
    P0006-PSTLZ
    PA0008-ANSAL * 100 / PA0008-BSGRD
    PA0015-BETRG
    PA0761-LTEXT  WHERE PA0761-CPLAN = LTI PLAN PSU YEAR 1
    PA0761-GRADT  WHERE PA0761-CPLAN = LTI PLAN PSU YEAR 1
    PA0761-ZZGRANT WHERE PA0761-CPLAN = LTI PLAN PSU YEAR 1
    PA0761-LTEXT WHERE PA0761-CPLAN = LTI PLAN esu YEAR 1
    like that i had.
    please give me the steps how can i proceed.

    Hi,
    The PNP database will take care of authorization check. It will not execute if used does not have authorizations.
    Hope this helps.

  • Document search error in webshop(Error in authorization check: user unknow)

    Hi All
    actually we have implemented the document search functionality in webshop to access all the documents in webshop who have created order in the webshop.
    actually when i am logging into the portal with userid "skumar" after that there was role called "Document Search" when i click that document search role then the document search will be opened, based on the selections in the selection criteria then the documents will be displayed generally.
    actually come to my error when i select in the selection criteria "order acknowledgement" and i select the one more column called "period" after that i click the search button then i am getting the error as follows.
    <b>Error in authorization check: user unknown.</b>
    Can you please help me where to check the authorizations in the system for accessing the documents.
    Regards
    Sunil

    Hi Sunil generally this kind of error will occur when you choose acknoledgement
    for Future Periods,eventhough input is past date if the same problem occurs you should check for Su05 Internet USer authoriasations
    Reward if helpful
    Venkat

  • Create authorization check for a report

    Hi,
    I need to create an authorization check for a report. It means that I need to restrict the usage of the report to couple of users ( 'USER1' and 'USER2' ). How can I do that? I did read through a lot of threads regarding this piece got a bit confused and stuck while creating the authorization object.
    Say the report name is ZHR_TIMEABC.
    Can anyone explain how to create an authorization object and how are they tied to the object and call them in the abap code?
    Thanks in advance,
    VG

    Hi,
    Thanks. Here is my understanding, S_C_FUNCT calls a system generated function module to make an authority check. So, if different users say USER1 and USER2 have different authroization levels, defined in their user profile, just adding this piece code will take care of authroization check for the program OR do I need to take care of something else?
    If so, when do we need to create the authorization objects using SU20 and assign the group and follo this process? When do we use this approach ( lot of threads on authority check have mentioned this procedure)?
    Your inputs will be helpful to understand this concept.
    Thanks,
    VG

Maybe you are looking for