Authorizations SAP CRM 7.0

Hello experts,
I have doubts about the authorization in SAP CRM 7.0.
The issue is that our commercials in the system should see only their customers; the system will know who their customers are by the relationships.
So we want the user to see only BPs who have a relationship with the user.
I have been investigating and I have found the ACE functionality (Access Control Engine). It seems ACE meets our requirements, but I am not sure.
Is it possible to use ACE in CRM 7.0? I ask because I have read lots of information about the use of ACE in CRM with EP (CRM in portal) and I know it is not possible to use ACE on SAP GUI, so I am not sure if it is possible to use it on CRM 7.0.
Also, I am not sure whether I can cover the requirements (showing BPs based on the relationship with the employee) by using other functionality of CRM, such as PFCG authorization.
Thank you very much in advance.

Hi Luis,
You need to create an authorization object with a 'sales rep' or 'sales office' key.
Are your commercials linked with these objects in master data? If not, create the link.
Afterwards, in PFCG, create the key, as I said above, and you are done.
Rgs,
Fábio

Similar Messages

  • S_DEVELOP authorization needed for CRM Web Client in SAP CRM 7.0?

    We implemented our own WebUI component in SAP CRM 2007 and use it in other components (with USAGE).
    After we transported the component to SAP CRM 7.0 we always got an error CX_BSP_DLC_CONFIG_GENERAL_ERR when loading the component. But if we set the permission to SAP_ALL, everything works fine.
    In SAP Note Nr. 1367944 we read:
    "It is not possible to run the CRM Web Client without the S_DEVELOP, activity=03
    authorization because it is needed by the Web Client Framework.
    The S_DEVELOP authorization is part of the SAP_CRM_UIU_FRAMEWORK PFCG role, which must
    be assigned to every user."
    "This dependency has been removed in CRM 7.0."
    Do we need to install some other SAP Notes on SAP CRM 7.0?
    Many thanks for any advice!
    Handri Gunawan

    Hi Handri,
    I asked my colleague here, who created the note.
    The note is correct, in CRM 7.0 you do not need S_DEVELOP anymore.
    The error that you have might occur because of another reason.
    Could you track the call stack of this exception?
    And send me back the call stack?
    Regards,
    Steve

  • Question regarding Authorizations in SAP CRM 7.0

    Hello,
    The problem is this:
    We have a client who will use two ways of accessing SAP CRM 7.0 data -
    1. CRM Web UI
    2. Mobile devices via standard SAP CRM BAPIs
    Now the situation is that the client wishes to control display authorizations based on the Business Role. Certain Business Roles can allow its User to see Accounts where the User is also Employee Responsible and certain other Business Roles can allow its User to see all those Accounts that are associated with that Role. In summary Business Roles control what an User can see.
    This has already been implemented for the CRM Web UI using the Access Control Engine (ACE).
    Now the questions are:
    1. How do we implement this for BAPI Access?
    2. Should we recreate what has been achieved by ACE, via PFCG Authorization Profiles?
    3. Can we not reuse what has been done by ACE?
    4. What are the runtime APIs that allow somebody to use the authorization checks of ACE?
    5. Does the standard Function Module CRM_ORDER_CHECK_AUTHORITY_ACE help in this regard?
    Any help here will be greatly appreciated. Please let me know if you need any clarifications.
    Thanks in advance.
    Best regards,
    Sudhi

    Hello,
    Normally, some notes are recommended in addition to the current support package implementation because they were developed to solve any known issues. These known issues occurred as side effect of any note which belongs to the implemented support package.
    If you take a look at older release notes, you will see the same.
    This is a part of implementation stack.
    1345085  SAP SRM 7.0 SP Stack 04 (09/2009):Release & Information Note 
    1365574  SAP SRM 7.0 SP Stack 05 (12/2009):Release & Information Note   
    1436687  SAP SRM 7.0 SP Stack 06 (03/2010):Release & Information Note 
    Kind regards,
    Ricardo

  • ICSS: authorization in SAP CRM 7.0

    Hello Experts,
    Is it possible to restrict via authorization access to different types of transaction in ICSS in SAP CRM 7.0? For example, some clients can have access to complaints, some to service requests and some to both.
    Regards
    Piotr

    Of course, you can. If you are creating the Z: roles for SAP_CRM_ECO_ISE_WU_B2B, then in this role, in the CRM Component, there is an authorization object called CRM_ORD_PR and a field name PR_TYPE. You can go and change the individual users with access to different transaction types or create a Z: object or Z: role for each group as you wish. Use the field name ACTVT to control the access to the transaction type.
    Please note, there may still be some discrepancies in the search selection in the ICSS. Though you may want to restrict the user to not to access "Complaints", the restriction may work at the transaction level, but not at the search level. You may still see "Complaint" object in the Search dropdown list.  I am not sure if SAP has covered all the features of ICSS to abide by this role.

  • Pop-up screen not showing while accessing transactions in SAP CRM WEB-UI

    When we log on to the SAP CRM Web UI, for transactions like Lead, Complaints and Activities,
    sometimes a pop-up screen is shown for selecting transaction types, but sometimes it is not.
    We have tried it on different workstations with the same user ID and standard business roles, but we are not able to trace the problem. Also, with the same ID an error sometimes shows: "No business roles attached, not allowed to logon".
    After that, when we tried on another workstation with the same ID, we were able to access all transactions.
    Please suggest what the problem could be.
    Rishikesh

    This is a sporadically occurring issue, hence I cannot pinpoint one single reason. Since sometimes you are able to log on and sometimes not, it certainly could not be a role authorization issue.
    Just check if your business role is properly configured. That's all I can say.
    Regards
    Kavindra

  • Sap CRM 2007 Security related issue

    Hi All,
    I am working on SAP CRM 2007 security.
    I have a scenario which we are trying to fix.
    There are two users A and B.
    A is assigned to role X
    B is assigned to role Y
    Business Partner 123 is created for user A
    Business Partner 456 is created for user B
    These Business Partners are assigned to Authorization Groups.
    See below:
    1)Authorization Group (LK01) is assigned to Business Partner --123.
    2) Authorization Group (LK02) is assigned to Business Partner --456
    3) Authorization group LK01 is assigned to user A in PFCG role X
    4) Authorization group LK02 is assigned to user B in PFCG role Y
    a) User A assigned with PFCG role X>Authorization Group (LK01)>BP 123.
    b) User B assigned with PFCG role Y>Authorization Group (LK02)>BP 456.
    Note:
    1) Authorization Groups are assigned to BPs under the Control tab.
    2) These Auth Groups are assigned in Authorization Object in PFCG role.
    Now, USER 'A' should not be able to work under the BP 456 as this BP is assigned to authorization group LK02.
    The issue is that when we open the WEB UI and log in with user A, role X, he can search for the BP 456 assigned to Auth Group LK02.
    User A can open the Interaction History and edit the Service Order created using the BP 456.
    He can edit the following in the Service Order details:
    1) General Data Status (from created to complete), Contact person, Sales Rep name.
    2) Organization Data like Sales Office, Sales Org Unit, Distribution Channel
    3) Business Partner.
    However, one good thing is he cannot edit the Account details like Account ID, House No, Employee Responsible; the message he gets is "No authorization to change partner with authorization group", which is a good thing.
    I have tried to be precise, please let me know if you require more information.
    Regards,
    Dave.

    I suggest the following:
    Please, check whether the system works if you activate the implementation BUPA_F4_AUGRP.
    In addition check the notes 559662, 674869 and 782927. Maybe the notes are already implemented but you can try then the implementation of the BADI (SE19). It should resolve your issue.
    I have implemented this BAdI solution before, and after activation, neither the search help nor the search result list showed any business partners anymore that had an authorization group I was not allowed to see.
    kind regards
    Davy Pelssers
    SAP CRM/Security consultant
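
Added example, not part of the thread and not SAP's or the posters' code: the scenario above shows the authorization group being enforced when the account is edited, but not when a service order referencing BP 456 is edited. One way custom code (for instance a wrapper around order changes) can check each partner's authorization group explicitly, assuming the standard object B_BUPA_GRP (fields BEGRU, ACTVT) and table BUT000; the report and class names are hypothetical, and the partner numbers are constructed from the thread's 123 and 456.

```abap
REPORT z_demo_bp_augrp_check.

" Hypothetical demo report: returns the partners the current user may
" NOT process with the given activity, based on the BP authorization group.
TYPES ty_partners TYPE STANDARD TABLE OF bu_partner WITH DEFAULT KEY.

CLASS lcl_bp_auth DEFINITION FINAL.
  PUBLIC SECTION.
    CLASS-METHODS denied_partners
      IMPORTING it_partners      TYPE ty_partners
                iv_activity      TYPE activ_auth DEFAULT '02' " 02 = change
      RETURNING value(rt_denied) TYPE ty_partners.
ENDCLASS.

CLASS lcl_bp_auth IMPLEMENTATION.
  METHOD denied_partners.
    DATA: lv_partner TYPE bu_partner,
          lv_augrp   TYPE bu_augrp.

    LOOP AT it_partners INTO lv_partner.
      CLEAR lv_augrp.
      " Authorization group as maintained on the BP Control tab
      SELECT SINGLE augrp FROM but000 INTO lv_augrp
        WHERE partner = lv_partner.
      IF sy-subrc <> 0.
        " Unknown partner: fail closed
        APPEND lv_partner TO rt_denied.
        CONTINUE.
      ENDIF.

      " Design choice in this sketch: a BP without an authorization
      " group is not protected by the group concept, so it is skipped.
      IF lv_augrp IS INITIAL.
        CONTINUE.
      ENDIF.

      AUTHORITY-CHECK OBJECT 'B_BUPA_GRP'
        ID 'BEGRU' FIELD lv_augrp
        ID 'ACTVT' FIELD iv_activity.
      IF sy-subrc <> 0.
        APPEND lv_partner TO rt_denied.
      ENDIF.
    ENDLOOP.
  ENDMETHOD.
ENDCLASS.

START-OF-SELECTION.
  DATA: lt_partners TYPE ty_partners,
        lt_denied   TYPE ty_partners,
        lv_denied   TYPE bu_partner.

  " Constructed sample input: the two partners from the scenario
  APPEND '0000000123' TO lt_partners.
  APPEND '0000000456' TO lt_partners.

  lt_denied = lcl_bp_auth=>denied_partners( it_partners = lt_partners ).

  LOOP AT lt_denied INTO lv_denied.
    WRITE: / 'No authorization for partner', lv_denied.
  ENDLOOP.
```

Run as user A (authorized only for LK01), the expected result is that only the partner in group LK02 is reported; a caller would refuse the order change when the returned table is not empty.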

  • New JAVA application with data from SAP CRM and R/3

    Hi All,
    We have a requirement to create a new application which will have CRM BP Master data and D&B Data from R/3 and based on authorization different roles be able to edit some of the fields and workflows to confirm the new data .Once users edit the fields in the application the new data will be replicated back into BP Master Data in CRM.
    In our company we are using CRM 7.0 and R/3 4.7 system if we decided to create the application using JAVA can you please let me know the architecture(servers etc) we might need because of the JAVA application.
    How to connect Java application to SAP CRM 7.0. Can you please guide me the data flow structure
    I am not sure if this is the right forum if not please suggest appropriate forum.
    Thanks a lot ,
    Kitcha.

    Hi,
    You can connect to SAP Systems by consuming the RFCs.
    You can use the JCO API to connect to R/3; see the documentation: http://help.sap.com/saphelp_nw04/helpdata/en/6f/1bd5c6a85b11d6b28500508b5d5211/content.htm
    Alternatively, you can use SAP Enterprise Connector to generate JCO proxies; see the documentation: http://help.sap.com/saphelp_nw04/helpdata/EN/ed/897483ea5011d6b2e800508b6b8a93/frameset.htm
    And some more help:
    http://help.sap.com/saphelp_nw04/helpdata/en/89/8a185c148e4f6582560a8d809210b4/frameset.htm
    Regards,
    Naga

  • Difference between SAP CRM Security and SAP ECC 6.0 security

    Hi
    I have worked extensively on SAP ECC security but haven't had a chance to work on CRM security.
    Can anyone please let me know the difference between CRM security and ECC security?
    Thanks...

    I am sorry to say, but instead of giving the guy a decent answer you are starting a fight or discussion about stupid forum points...
    really sad.....
    The big  difference between SAP ECC and SAP CRM Security (up to release 5.0) was the following:
    1) For sure there are very different transaction codes in SAP CRM as compared to SAP ECC in the first place
    2)  If you are familiar with R/3 or ECC authorizations; then you know that already on transaction code level, the 'allowed activity' is controlled on tcode level , whereas in SAP CRM , in most cases the 'allowed activity is not controlled by the Transaction code, but on authorization object level....
    E.g. transaction code BP allows you to create/change/display  any type of Business Partner (e.g; sold-to/ship-to/contact person/employee/customer) which is based on the business partner ROLE concept.... anyway...you can control the allowed activity based on different authorization objects.....
    another example is business transaction processing...which can be launched by:
    a very generic transaction code: CRMD_ORDER
    transaction category related transaction codes :e.g.
          > CRMD_BUS2000126 for activity management
          > CRMD_BUS200115 for Sales processes
    Again...allowed activity is not controlled by the tcode, but on authorization object level...
    3) As of the new WEBCLIENT UI (which is valid as of release CRM2006s/CRM2007/CRM7.0) SAP also invented an extra authorization layer, which is UI COMPONENT LEVEL and logical links....  controlled by object UIU_COMP.
    However, they also introduced the BUSINESS ROLE Concept (e.g; SALESPRO/MARKETINGPRO/...) which defines actually the functionalities, navigation bar, screen configuration, logical links you can use/see within the new WEBclient UI.
    Another thing is that instead of using TRANSACTION CODES, as of these new releases, you are actually using 'external services'....so you do not authorize on tcodes basically....but the logic between tcodes and external services in relation to the authorization objects that are checked is more or less the same....
    STANDARD authorization setup in the new WEBUI client is therefore controlled by both backend authorizations (not UIU component related) and the UIU_COMP (restricting access to workcenters/logical links/...)
    4) Additionally SAP also provides a concept called ACE (which stands for ACCESS CONTROL ENGINE)....
    This requires a bit of customizing...and the rest is more or less pure customer development, as you will create your own methods where you'll define a logic which dynamically will verify what kind of access you have for an object....
    You should know that ACE is actually implemented on top of your 'normal' SAP CRM security setup....
    cheers
    Davy Pelssers

  • Authorisation in SAP CRM 7.0

    Hello gurus
    How do we work on authorisation in SAP CRM 7.0?
    1) We want to deactivate buttons like Show Configurable Area, Configure Page and Personalize, which we see at the top right of the screen in the WUI.
    Your support is appreciated

    Hi,
    In CRM 2007 and CRM 7.0, SAP delivers standard roles which help to run the business smoothly.
    However, if the customer wants to change any standard business role, it is suggested to copy it to a Z role and change the authorizations for the corresponding PFCG roles. To change any standard authorizations of PFCG roles, one has to go to the PFCG transaction in SAP GUI and make the required changes.
    Please find more info in the following links:
    Customizing Business roles: http://help.sap.com/saphelp_crm70/helpdata/EN/6e/aab73e83764b4c897efce7020d562f/frameset.htm
    Maintaining Authorizations:
    http://help.sap.com/saphelp_crm70/helpdata/EN/52/671617439b11d1896f0000e8322d00/frameset.htm
    Hope this helps!
    Regards,
    Chethan

  • Issue in Migrating Attachments from Siebel to SAP CRM

    Hi All,
    We are doing Data Migration for Attachments into SAP CRM from Siebel. and have an issue for migrated attachments showing blank pages while opening in SAP CRM.
    We  have used all the formats of converting the data into binary and loading the attachments from Application Server.
    But the PDF/File open with blank pages.  The no. of pages in the original attachment and the migrated file from application server matches.
    May i know the best approach of meeting the above Requirement .. Its prioritized issue !!
    Thanks a lot !!

    Go to sm58 --> select the function module IDOC_INBOUND_ASYNCHRONOUS; in the menu bar select Edit --> Execute LUW.
    Or take help from the SAP Basis team; can you please check that the user in the source system has the authorization profile 'S_BI-WX_RFC'. For this you can refer to SAP note 150315.
    if you need more information refer this document:
    How to check a BW - SAP source system connection - SAP NetWeaver Business Warehouse - SCN Wiki

  • Needed SAP CRM Data model with Object, Entity and Attribute level details

    Hello all,
                 We are working on a huge IS-U / CRM implementation and we are still in the data gathering phase. The client has a whole load of legacy systems that will be replaced with IS-U and CRM. Right now we are in the process of developing data models using Excel first and then presenting them to the client to go forward from there. For this we need to have all the business objects, entities and their attributes.
    I know about the SD11 transaction, but we don't have a CRM system yet. My colleagues have access to a German ERP system and they were able to get models for HR, FI and Asset management. I tried for the Business partner / customer in there, but the models were not proper.
    So, once again, I need the specific data models out of SD 11 for  CRM business partner. If anybody has the information, please do pass it on to me as I need them urgently. It would be a great help if somebody can do so.
    Regards
    Rajesh

  • Configurations required for  PME and SCE in SAP-CRM 2007

    Hi Friends
    How do I configure the PME and SCE in SAP CRM 2007?
    Do you have any documentation available for those two topics regarding the implementation of the e-Commerce application?
    Waiting for your response.
    Regards
    Satish.

    Hi Mia,
    Authorization group is available in the old versions and basically this help in defining new authorization groups and you can define what can be done with these authorization groups as what can be edited and what cannot be and this is done on SPRO. These authorization groups are entered in the authorization group and the user who has this authorization object will be able to work on the account.
    So the business role in CRM 2007 has a PFCG role and the authorization profile that you created are assigned to the business role and users are assigned to the business role.
    There are also a few authorization objects to maintain the BP relationship; see if you can use this combination to check if it meets your requirement.
    Hope it clarifies and if useful please reward points
    Thanks
    Srini

  • How to check authorization in CRM Webshop.

    Dear All,
    I need some small help.
    We have SAP CRM ISA MSA 5.0 SP8. We need to create some roles for the end users who access the system via the CRM Webshop. But we are not able to trace what authorization a user requires or lacks. For example, when I give a role which does not contain the required object, a few functions in the CRM Webshop do not work. But we are unable to trace it; do we have something similar to su53 or a trace (st01/st05)? I tried activating the trace, but it does not work.
    How do I know which object is checked/missing when user clicks something in a webshop?
    Please help me in this.
    Will surely reward points if I find anything which helps me.
    Thanks.
    Rajeet

    Hi Chaitanya,
    To enable the trace for checking the authorization, go to transaction st01, check Authorization check, then click on General Filters, type the user for which you would like to run the trace, and then click on Trace On. After this, walk through all the steps where you are facing the problem. Once you face the error, go to st01 again, click on Trace Off, then click on Analysis, type the user for which you switched on the trace, and execute.
    You can see the analysis. You can go to the bottom, and if there was any authorization issue, it will be displayed in red.
    Please check and award points if you find anything worthwhile.
    Thanks.
    Warm Regards,
    Rajeet

  • Custom message required on log on pop-up in SAP CRM WEB UI

    We require a custom message on the log-on pop-up. Right now the message "starting SAP CRM" appears after we enter the user ID and password; instead of that,
    the user requires a welcome message. How can we achieve this?
    Please reply as soon as possible.

    Hi Pankaj,
    did you already check the guide in the CRM Wiki:
    https://wiki.sdn.sap.com/wiki/display/CRM/WelcomeUserMessageinWeb+UI
    Hope this answers your question.
    Best Regards,
    Michael

  • ICI - How to display custom error messages in SAP CRM

    Hello,
    we are working on a custom Contact Center which interfaces with SAP CRM Version 7 with Enhancement Package over ICI.
    The basic call functions like accepting, hanging up, holding and retrieving are fully implemented and are working already.
    Our goal is to display error messages in the CRM so that clients know there is something wrong, for example why they can't log in successfully (e.g. the telephony server isn't reachable).
    We already found the ICI documentation file which provides us the CRM SOAP error codes and tried to send SOAP Fault messages, but never got them to the screen.
    Please find attached an example screenshot of what we mean exactly, reproduced by trying to make a call with a CRM user while BCM CDT isn't running in the background.
    Regarding to this topic we've the following questions:
    - Is it possible to display custom error messages on the CRM or is this functionality limited to SAP?
    - Could you provide us some further information on how to use this feature exactly (implementation details?) and how the SOAP XML should look like to get it work?
    Thank you in advance!
    Best regards
    René Holy

    NewUser7 wrote:
    Please correct me if I am wrong
    I need to create an entity adapter and attach an error handler with the adapter? or can i handle that in the event handler itself. I couldn't find any api for handling errors

    You can do it both ways but since we are talking about event handler now, then in 9.x you need to extend com.thortech.xl.client.events.tcBaseEvent class for creating a event handler. In tcBaseEvent class there are various flavors of handleError method. So use that as per my note earlier and you should be good.
    HTH
