CRM 7.0 BP Authorizations

Similar Messages

• CRM - Process Flow of Authorization Check in Business Transactions

  Hello Folks:
  I have implemented CRM security using Process Flow of Authorization Check in Business Transactions.
  What I have in place:
  CRM_ORD_OP (inactive, don't want access to own documents)
  CRM_ORD_LP (inactive, not using standard org level values Distribution Channel, Sales Group, Sales Office, Sales Organization, and Service Organization.)
  CRM_ACT (active)
  CRM_CMP (active)
  CRM_ORD_OE (active, restricted to display with dummy value ' ' for Distribution Channel
  Sales Group, Sales Office, Sales Organization and Service Organization, as we are not restricting on them)
  CRM_ORD_PR (active and restricted to display)
  Issue:
  Restrictions to display for documents works fine when using CRM backend system and the system throws out a message that you are not authorized to change. But, when i come in through Portals (PCUI), i dont get the display at all and it throws out a message insufficient access authorizations.
  Traces on backend CRM reveal failing on change access for CRM_ORD_LP and CRM_ORD_PR, which we dont want to give out b/c we dont want to provide change for documents.
  OSS notes to SAP have resulted in no results....please advise what is wrong here.
  Thanks
  KT

  Thanks for the Priyanka for the reply, but what you mention is not correct.
  BSP errors are different from what I am refering to.
  The issue is still open...and looks like a SAP bug, which even they havent been able to fix so far.
  Regards,
  KT

• CRM 5.2 UI Authorization Object- sy-subrc= 12

  Hi,
  Iam working in CRM 5.2 UI, I have created a custom authorization object for my IC application. Now when i use/check them for authority to enable/disable my buttons in the UI, iam getting sy-subrc = 12 .
  How can i get over this problem. Please provide me with a solution. Points would be rewarded surely.
  Thanks & Best Regards,
  Harish P M

  Closing as it was not replied.

• Authorizations SAP  CRM 7.0

  Hello experts,
  I have doubts about the authorization in SAP CRM 7.0.
  The issue is, our commercials in the system should see only their customers,  the system will know who are their customers by the relationships.
  So we want user to see only BPs who have a relationship with the user.
  I have been investigating and I have found the ACE functionality ( Access Control Engine)  It seen ACE meets our requirements but  I am not sure.
  It is possible to use ACE in CRM 7.0? I ask it because I have read lots of information about the use of ACE in CRM with EP (CRM in portal) and I know it is not possible to use ACE on SAP Gui, so I am not sure if it is possible to use it on CRM 7.0.
  Also I am not sure whether I can covert requirements ( showing BP base on relationship with the employee), by using other functionality of CRM such as PFCG authorization?
  Thank you very much in advance.

  Hi Luis,
  You need to create a authorization object with 'sales rep' ou 'sales office' key.
  Your commercials are linked with these objects in master data? If no, create the link.
  After, in PFCG, create the key, as I said above, and done.
  Rgs,
  Fábio

• No authorization error in BW report

  Hi ,
  when I am trying to run a report in BW , its giving an error like,
  "you dont have authorization to read  the object"
  how can i solve this problem ? please help.
  Regards,
  Ryan.

  Hi Srinivas,
  thanks a lot for your reply.
  can you tell me whether there is any settings to be done in CRM  system regarding the authorization in BW ?
  Waiting for your reply.
  Regards,
  Ryan.

• Credit card Payment Authorization

  Hi All,
  My Requirement: Non SAP CRM will request payment authorization by giving the data's of Credit card details, required Amount, sales area details. Now SAP need to send result of authorization. this is not during Sales order creation.
  I found a BAPI for this "BAPI_CREDITCARD_AUTHORIZATION".
  1. I want to know whether this is enough for the requirement?
  2. Do we need to configure something for this?
  3. Is there any interface required for processing payment authorization? or SAP will maintain the data's?
  Please suggest.
  TIA
  Muthu

  Hi Muthu,
  I think I am a lot clear now.
  If that is the case, you want to use BAPI_SALESORDER_SIMULATE, BAPI_SALESORDER_CREATEFROMDAT2 and BAPI_COMMIT.
  If your CRM order can be saved with card declined information, you can skip to BAPI_SALESORDER_CREATEFROMDAT2.
  First, you will populate credit card information to BAPI_SALESORDER_SIMULATE. This BAPI returns the authorization response to the calling system without storing the order in R/3. If the authorization was declined and your CRM system does not save the order with card decline, you stop here.
  Once authorization is obtained, you can then call BAPI_SALES_ORDER_CREATEFROMDAT2 with credit card information (again) and AUTH_FLAG = 'X'. If this field is blank, SAP will use the credit card details to request a new authorization. If it is = 'X', then SAP will use that to build a REQUEST and a RESPONSE line in the payment card header screen.
  Don't forget to COMMIT.
  Let me know if you have further questions.

• SU24 for CRM UIU Component

  Hello Experts,
  As the CRM "PFCG Roles and Authorization Concept" didn't mandate to maintain SU24 for the CRM UIU component. I wonder if anyone out there maintained it for UIU component or not? If maintained was it really helpful in your assignment?
  CRM "PFCG Roles and Authorization Concept" document link:
  http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/00515e75-f1d0-2c10-bebb-e5675f470ee6?quicklink=index&overridelayout=true
  Thanks in advance for your input.
  Thanks,
  Himadama

  We had used a concept where in the UIU_COMP objects were enabled and disabled based on the unit testing between the front end and the backend.
  We did try adding the components to menu for plug-ins and outs it was a failure because the business roles were not configured or in otherwords 1:1 matching between the business role and PFCG role could be achieved.
  I would simply take the UIU_COMP roles copy it in PFCG work with the help and inputs from CRM team to complete the security task
  I was recently asked by an expert to maintain objects in SU24  for CRM
  I always thought we use transactions and then check and maintain objects in SU24
  Probably we could do that in SU22 as an external service.
  In my project almost a year ago, I did not put any object on and off, I worked with the role directly to edit the field values of the CRM authorization objects.
  Of course remember to disable S_SERVICE object
  Edited by: Franklin Jayasim on Sep 14, 2010 1:22 AM

• S_DEVELOP authorization needed for CRM Web Client in SAP CRM 7.0?

  We implemented an own WebUI component in SAP CRM 2007 and use it in others components (with USAGE).
  After we transport the component in SAP CRM 7.0 we always got an error CX_BSP_DLC_CONFIG_GENERAL_ERR at loading the component. But if we set the permission to SAP_ALL all thing work fine.
  In SAP Note Nr. 1367944 we read:
  "It is not possible to run the CRM Web Client without the S_DEVELOP, activity=03
  authorization because it is needed by the Web Client Framework.
  The S_DEVELOP authorizatin is part of the SAP_CRM_UIU_FRAMEWORK PFCG role, which must
  be assigned to every user."
  "This dependency has been removed in CRM 7.0."
  Do we need to install some other SAP Notes at SAP CRM 7.0?
  Many thanks for advices!
  Handri Gunawan

  Hi Handri,
  I asked my collegue here, who created the note.
  The note is correct, in CRM 7.0 you do not need S_DEVELOP anymomre.
  The error that you have might occur because of another reason.
  Could you track the call stack of this exception?
  And send me back the call stack?
  Regards,
  Steve

• Question regarding Authorizations in SAP CRM 7.0

  Hello,
  The problem is this:
  We have a client who will use two ways of accessing SAP CRM 7.0 data -
  1. CRM Web UI
  2. Mobile devices via standard SAP CRM BAPIs
  Now the situation is that the client wishes to control display authorizations based on the Business Role. Certain Business Roles can allow its User to see Accounts where the User is also Employee Responsible and certain other Business Roles can allow its User to see all those Accounts that are associated with that Role. In summary Business Roles control what an User can see.
  This has already been implemented for the CRM Web UI using the Access Control Engine (ACE).
  Now the questions are:
  1. How do we implement this for BAPI Access?
  2. Should we recreate what has been achieved by ACE, via PFCG Authorization Profiles?
  3. Can we not reuse what has been done by ACE?
  4. What are the runtime APIs that allow somebody to use the authorization checks of ACE?
  5. Does the standard Function Module CRM_ORDER_CHECK_AUTHORITY_ACE help in this regard?
  Any help here will be greatly appreciated. Please let me know if you need any clarifications.
  Thanks in advance.
  Best regards,
  Sudhi

  Hello,
  Normally, some notes are recommended in addition to the current support package implementation because they were developed to solve any known issues. These known issues occurred as side effect of any note which belongs to the implemented support package.
  If you take a look at older release notes, you will see the same.
  This is a part of implementation stack.
  1345085  SAP SRM 7.0 SP Stack 04 (09/2009):Release & Information Note 
  1365574  SAP SRM 7.0 SP Stack 05 (12/2009):Release & Information Note   
  1436687  SAP SRM 7.0 SP Stack 06 (03/2010):Release & Information Note 
  Kind regards,
  Ricardo

• SAP CRM 7.0.2 issue regarding authorizations

  Hello,
  I have noticed that the role change is not reflecting immediately for the user in CRM 7.0.2 Web UI. Is anyone facing the same issue like this? If so, any solution to this for immediate effect?
  Thanks in Advance.

  Hi Luis,
  You need to create a authorization object with 'sales rep' ou 'sales office' key.
  Your commercials are linked with these objects in master data? If no, create the link.
  After, in PFCG, create the key, as I said above, and done.
  Rgs,
  Fábio

• How to use CRM authorization object.

  Hi All,
  I have a specific requirement to restrict user while he/she tries to save a record. It appears that if that restrictions are implemented the save logic for an entity has to be changed because there are some validation regarding relationship management in SAP system. SO I need to bypass that validation to allow some users of specific(Marketting) role to save the entity record bypassing that validation. here I am planning to use the CRM authorization objects. But dont know how to use these and which authorization object to refer.
  Please let me know if you guys have any idea.
  Regards,
  Bikramjit.

  Hi Bikramjit.,
  You might need to create a Custom authorization object and then use it. Else you can create one Z table and maintain the User ID of all users. The mainatin one field with flag and set it to X for the user that are aloowed to save the transaction.
  Also once you maintain the table, generate the table maintenance so that it becomes easier for future use.
  Hope this helps

• ICSS: authorization in SAP CRM 7.0

  Hello Experts,
  Is it possible to restrict via authorization acces to diffrent types of transaction in ICSS in SAP CRM 7.0? For example some clients can have acces to complaints, some to service request and some for both.
  Regards
  Piotr

  Of course, you can. If you are creating the Z: roles for SAP_CRM_ECO_ISE_WU_B2B, then in this role, in the CRM Component, there is an authorization object called CRM_ORD_PR and a field name PR_TYPE. You can go an change the individual users with access to different transaction types or create Z: object or Z:role for each group as you wish. Use the field name ACTVT to control the access to the transaction type.
  Please note, there may still be some discrepancies in the search selection in the ICSS. Though you may want to restrict the user to not to access "Complaints", the restriction may work at the transaction level, but not at the search level. You may still see "Complaint" object in the Search dropdown list.  I am not sure if SAP has covered all the features of ICSS to abide by this role.

• Maintenance of Authorization for transactions in CRM 5.0.

  Hi Experts .
  We are using CRM 5.0 with PCUI.
  TheBusiness  requirement is to maintain authorization for own transactions.the users who is involved in transactions should only be authorized to  Open & see the transactions.Other users who are not involved in partner function like "Assigned to" & "Account responsible " should not be able to open &  see the transactions like Activity .Lead , Opportunity ,Sales orders.& Service orders.System should give error message saying no authorizations.
  We tried with below authorization objects to achieve this
  CRM_ORD_OP (your own documents)
  - CRM_ORD_LP (organization levels)
  - CRM_ORD_PR (transaction type)
  - CRM_ORD_OE (sales area/service Org).
  - CRM_ORD_RL
  - CRM_ORD_RS
  But still system allows to open transaction belong to others.
  Is there any alternative to control this.
  Helpful answers would be rewarded max points.
  Thanks in Advance.
  Regards,
  Basavaraj Patil

  Hello
  in order to check authority object CRM_ORD_OE,
  CRM_ORD_OP and CRM_ORD_LP must not give authority. Please see
  online documentation for detailed information:
  http://help.sap.com/saphelp_crm40/helpdata/en/e9/
  b29a39e7aee372e10000000a11402f/frameset.htm
  Under the chapter 'Process Flow of Authorization Check in Business
  Transactions' you will find detailed explanations.
  I hope that I could be of help with that information. 
  Gerhard

• Authorization for Attribute Set in CRM

  I saw the authorization field 'Edit' and 'Assign' in attribute set in CRM (i.e transaction : CRMD_PROF_TEMPL)
  Can someone explain to me what does it mean ?

  Hello,
  first of all welcome to SDN. You will find a description how to use this fields in the CRM Documentation: <a href="http://help.sap.com/saphelp_crm50/helpdata/en/2b/59dc49c50911d3b29b0050da3ee986/frameset.htm">Working with Attribute Sets</a>. Have a look at the second last paragraph.
  Regards
  Gregor

• Authorization Check in Business Transactions in CRM 2007

  Hi everybody, I have a problem whit the authorization check in CRM 2007.
  This link help me to follow the steps
  http://help.sap.com/saphelp_crm60/helpdata/en/e9/b29a39e7aee372e10000000a11
  I follow this steps:
  1.- Created a new single role on the PFCG
  2.- On the Menu tab add the transaction BSP_CRMD_BUS2000108 (Trax for LEADS)
  3.- On the authorization tab create a new profile and in the authorization data set the values for CRM_ORD_OP: PARTN_FCT ‘00000012’, PARTN_FCTT ‘*’, ACTVT ‚'02,03’
  4.- Generate the authorization.
  5.- Set my user "TESTUSER" on the user tab
  6.- Save the profile
  Then, I login to CRM whit TESTUSER and I see all the leads.  I miss something, what could be the problem ?
  Thanks for your help

  Hi Shaji, Pankaj and Jushan, thanks four your answers.
  I still have the same problem, I want to see only my leads that I´am the responsible, after I generated the authorization and assign the role to my user from tcode PFCG and SU01, I logout and login again and no changes, I still see all the leads.
  Another test I made, I changed the authorization data and set the values for CRM_ORD_OP: PARTN_FCT ‘’, PARTN_FCTT ‘0008’, ACTVT ‚'’   (person responsible)  and the results was the same, see all the leads.
  How works the User Comparisons and how can I check for errors in my pfcg role ?
  Thanks for your help.