CRM_ORD_OP - Auth to own documents  CRM Security

Hi all,
      In CRM, I built a role that should allow a sales rep( to whom the role is assigned) to display only the documents created by him using the CRM_ORD_OP authorization object . But when he clicks on the search button he is able to display all the documents which are not created by him also.
Thanks.
Neha

Hi Neha,
Refer to the following URL
<a href="http://help.sap.com/saphelp_crm50/helpdata/en/4a/b9f63a8ab2c745e10000000a114084/content.htm">Controlling options in CRM</a>
Perhaps you might need to try with the following values and see if he is still able to get access to others documents.
Apart from this try to see if the User getting hte access form some other role assigned to the user in that case u can run a trace and compare the values with
RC=0 which means that he is having access to these authorizations.
Lastly sometimes the SU24 Check is inactive make sure that its in either C(check) or CM (check/maintain) mode
Perhaps this is what the user needs accesss to.
A user wants to keep the authorization to process a document in which he himself is entered as the employee responsible.
You assign the following authorizations:
CRM_ORD_OP: PARTN_FCT ‘’, PARTN_FCTT ‘0008 ’, ACTVT ‚’
hope this helps..
Regards,
Manohar

Similar Messages

  • Can users display only own documents in Web CRM?

    Hello
    is it possible to have a limitation for users in diplaying documents (sales order, quotes, tickets, and so on) in web CRM?
    Each user can access to own documents with a super user able to display all.
    We are in the situation where sales reps do have to displays only own orders, while the Sales Manager can display all.
    Thanks
    Paolo

    As a default, users with the Sales Rep Role will only see their own assigned customers and assigned customer documents in the Sales View.  However, they could still search for customers assigned to other reps in any of the search fields. 
    If you wanted to go further than that you could create a custom role that keeps them from accessing pages or components that allow searching but I doubt you could disable them all without seriously affecting some pages and functions (like searching for a customer's name and contact when creating an activity).
    I suspect it would take some custom work to truly isolate every rep and his/her customers and documents from every other rep in every situation.

  • Difference between SAP CRM Security and SAP ECC 6.0 security

    Hi
    I have extensively worked on SAP ECC security but haven't have chance to work on CRM Security.
    Can anyone please let me know the difference between CRM security compared to  ECC security.
    Thanks...

    I am sorry to say, but instead of giving the guy a decent answer you are starting a fight or discussion about stupid forum points...
    really sad.....
    The big  difference between SAP ECC and SAP CRM Security (up to release 5.0) was the following:
    1) For sure there are very different transaction codes in SAP CRM as compared to SAP ECC in the first place
    2)  If you are familiar with R/3 or ECC authorizations; then you know that already on transaction code level, the 'allowed activity' is controlled on tcode level , whereas in SAP CRM , in most cases the 'allowed activity is not controlled by the Transaction code, but on authorization object level....
    E.g. transaction code BP allows you to create/change/display  any type of Business Partner (e.g; sold-to/ship-to/contact person/employee/customer) which is based on the business partner ROLE concept.... anyway...you can control the allowed activity based on different authorization objects.....
    another example is business transaction processing...which can be launched by:
    a very generic transaction code: CRMD_ORDER
    transaction category related transaction codes :e.g.
          > CRMD_BUS2000126 for activity management
          > CRMD_BUS200115 for Sales processes
    Again...allowed activity is not controlled by the tcode, but on authorization object level...
    3) As of the new WEBCLIENT UI (which is valid as of release CRM2006s/CRM2007/CRM7.0) SAP also invented an extra authorization layer, which is UI COMPONENT LEVEL and logical links....  controlled by object UIU_COMP.
    However, they also introduced the BUSINESS ROLE Concept (e.g; SALESPRO/MARKETINGPRO/...) which defines actually the functionalities, navigation bar, screen configuration, logical links you can use/see within the new WEBclient UI.
    Another thing is that instead of using TRANSACTION CODES, as of these new releases, you are actually using 'external services'....so you do not authorize on tcodes basically....but the logic between tcodes and external services in relation to the authorization objects that are checked is more or less the same....
    STANDARD authorization setup in the new WEBUI client is therefore controlled by both backend authorizations (not UIU component related) and the UIU_COMP (restricting access to workcenters/logical links/...)
    4) Additionally SAP also provides a concept called ACE (which stand for ACCES CONTROL ENGINE)....
    This requires a bit of customizing...and the rest is more or less pure customer development, as you will create your own methods where you'll define a logic which dynamically will verify what kind of access you have for an object....
    You should now that ACE is actually implemented on top of your 'normal' sap crm security setup....
    cheers
    Davy Pelssers

  • Are theCRM training courses which would help me with building CRM security

    Hello,
        We are implementing CRM  and I am totally new to CRM. To build proper security around CRM, I am trying to find courses which gives me an understanding about CRM and the security implementation.  In addition to R/3 security courses, there are security specific courses for BW and HR which I am already familiar with.
    Can any one suggest me with relevant CRM courses?
    Thanks,

    Dear Prasanthi,
    Check the below thread which gives you some useful documents.
    CRM Security
    There are several threads with similar query in this forum. So please do a search before posting in the forums that will obviously save your time.
    Regards,
    Edited by: Lakshmi Venigala on Dec 4, 2009 5:31 PM
    Edited by: Lakshmi Venigala on Dec 4, 2009 5:32 PM

  • How can I turn off the WLS 6.1 security in order to develop my own application-based security module?

    Dear Colleagues,
    I am currently developing a J2EE application using WLS 6.1.
    My team and I have to implement a security requirement to suit our company's needs.
    The security requirements are that, users' password need to be aged (30 days maximum) and we need to provided a GUI front-end (JSP) to allow users to change their password when these expire after 30 days.
    Our internal contacts in the company, have already taken the lead to find out about whether we will be able to use the WLS 6.1 platform to do this and the answer we got back, was.
    Now we need to develop our own security module.
    I have 2 questions:
    1. How can we turn off the WLS security in order develop our own application-based security module?
    2. How can we develop a security module that allows us to age users' password and provide them with facilities to change their passwords when these expire?
    At the moment, we are using the default BEA WebLogic login.jsp page and there some configuration in the web.xml for this. I will be grateful if you could advise me on how to turn this default security off so that we can write our own security module.

    hi,
    1.You can write your own realm in 61 which can plugged for your security
    calls.
    2. once you write your ownrealm.. you can access it through weblogic
    api/ur api..
    thanks
    kiran
    "Richard Koudry" <[email protected]> wrote in message
    news:3dd0d081$[email protected]..
    Dear Colleagues,
    I am currently developing a J2EE application using WLS 6.1.
    My team and I have to implement a security requirement to suit ourcompany's needs.
    >
    The security requirements are that, users' password need to be aged (30days maximum) and we need to provided a GUI front-end (JSP) to allow users
    to change their password when these expire after 30 days.
    >
    Our internal contacts in the company, have already taken the lead to findout about whether we will be able to use the WLS 6.1 platform to do this and
    the answer we got back, was.
    >
    Now we need to develop our own security module.
    I have 2 questions:
    1. How can we turn off the WLS security in order develop our ownapplication-based security module?
    >
    2. How can we develop a security module that allows us to age users'password and provide them with facilities to change their passwords when
    these expire?
    >
    At the moment, we are using the default BEA WebLogic login.jsp page andthere some configuration in the web.xml for this. I will be grateful if you
    could advise me on how to turn this default security off so that we can
    write our own security module.

  • Acrobat 9 Pro Extended Document Processing Security

    Is there a way to associate a defined security policy in a sequence when securing PDFs inside a Portfolio?  We prefer our professionals use a managed security policy rather than set their own passwords when security deliverables.

    Please send me email [email protected] if you are interesting of how to apply managed security policy in the PDF.
    Steven;

  • Issue with Document Properties/Security

    I used adobe 8 proffesional to create a pdf form that I want digitally signed. 
    When I preview, I am able to add a digital signature and Document Properties/Security it indicates signature allowed. 
    When I open the document in Adobe Reader.  I cannot sign. 
    Document Properties/Security state Signing:  not allowed.   We are not using Echo.  Help!

    Per John T. Smith's comments, I will Move your post to the Adobe Acrobat Forum, where you will likely get directly help.
    Your links, and any e-mail subscriptions will follow.
    Good luck,
    Hunt

  • PDF Properties/Document Protection/Security/show details. List differs from Document Restriction Summary.

    Hello
    I have a number of PDFs that have user permissions.  When the files are opened in Adobe Reader the document's restriction summary lists differ and the form cannot be used as intended.
    Example  Open PDF Properties /Document Protection/ Security/ Show Details                                                    Properties/ Document Restriction/Security/Summary (I have changed
                                                                                                                                                                         the order to make easier for comparison.)
    Doc. Open Password         NO                                                                                                                                   
    Permissions Pass Word    YES                                                                                                                                                                                                                        
    Printing High Resolution     YES ......................................................................................... .....................................................YES                                                       
    Changing the Document     ALLOWED ........................................................................................... ..........................................NOT ALLOWED
    Commenting                     ALLOWED.......................................................................................... ............................................NOT ALLOWED                                                                                                                           
    Form Fill-in and Sign          ALLOWED ......................................................................................... ........................................... Fill ALLOWED........ Sign NOT ALLOWED                                                                                                      
    Document Assembly         ALLOWED............................................................................................ ..........................................NOT ALLOWED
    Content Copying                NOT  ALLOWED.................................................................................. ............................................NOT ALLOWED
    Accessibility                      ENABLED.................................................................................. ....................................................YES  (Content copy for Accessibility)
    Page Extraction                 NOT ALLOWED.................................................................................. ............................................NOT ALLOWED
    Template                           NOT SPECIFIED................................................................................ .............................................NOT ALLOWED.
    I am mystified why the two lists differ and the document when in use seems to be controlled by the list on the right, which takes away some of the user rights.
    Is there an explanation for this. I would have thought that as the documents were password protected for permissions such as commenting and signing Adobe Reader could not change this.
    Eric.

    Yes, thats right. I used Open Office 3 to generate the pdf. I have also tried using pdftk and Adobe Distiller 5 with the same result.
    Your statement implies, the 'Adobe Reader' features cannot be fully utilized without a valid Adobe Acrobat Pro.
    This is a document to which I have the source. I have been able to create the pdf with the required set of permissions based on standards. But I am being hassled because I didn't generate it with Adobe Pro! Well, I suppose this must have been a business decision, but its one thats standards contrary and morally low!
    Adobe just lost an avid Reader user. I shall circulate my findings within my work and social circles. Thanks to competition and open source, I am sure to find a standards compliant reader without much delay.
    Thanks for your help - graffiti
    Rahul Iyer

  • How can I create my own document type

    Hello
    I want to know if we can create our own document types. With
    coloring methods...
    Beacause I want to have a coloring methode for my templates,
    whose I edit them a lot of with dreamweaver. And it will be simply
    if they can have theirs colors.
    Sorry for my bad english, but I'm French... ;)
    Thank for all

    1. in factory sales we are using T.code J1IIN. that time it fetch which type of Billing docu;ment. and how we can see that document. where it isconfigured
    You cannot view the Billing type while creating the excise invoice.In SPRO,Tax on Goods Movement-->India >Business Transactions> Outgoing Excise Invoices -->Assign Billing Type to Delivery Types here you maintain the Delievry and Billing types with which you cancreate Excise Invoices.
    2.Is there any copy control system between commercial Invoice to Excise invoice?
    There is no copy control and the above step controls the relation between the billing and excise invoice.
    3.How I can create my own Excise Invoice Document type.
    You cannot create your own Excise Invoice Document type but you can create a Sub Transaction type and assign it while creating Excise Invoice to differentiate and pass the values to a different GL.

  • Concept behind CRM Security

    Hi,
       I have read about variuos objects and roles to be made in CRM , but could anyone help me to understand the basic concept and difference between CRM security and SAP r/3 security.
    the technical details required for implementing CRM security.
    Regards
    Puneet

    <b><commercial_advertising_removed_by_moderator></b>
    kind regards

  • APO and CRM security

    i have never worked with APO and CRM security. can anyone walk me through them. thanks

    >
    george G wrote:
    > Neither Have I ..but could wrk  on them after  reading few books on Security  from SAP
    >
    > Thanks
    famous last words .....APO & CRM are full of "features" when it comes to security.  Once bitten, twice shy

  • Sync CRM Security with Sharepoint

    I am a CRM Developer. We had a requirement to sync security roles of CRM with groups of sharepoint. For that I have create a mapping table where I have mapped CRM security roles with Sharepoint Groups. I am creating a plugin for CRM. We want when a user
    is added to a CRM team then the same user should be added to corresponding sharepoint group and vice versa. I have the sharepoint group name and user logon. We want:-
    1. If a user is added to CRM then my plugin will check whether the user exists in sharepoint if not then create it.
    2. Add user to the desired group in sharepoint. I already have group name.
    I am new to sharepoint therefore I will appreciate if someone can explain me in details what I have to do.
    Thank you
    Regards Faisal

    Hi,
    According to your description, my understanding is that you want to sync the user between CRM system and SharePoint.
    I suggest you can use Client Object Model to add user to group. 
    For the error message, you need to load the groupcollection firstly before you loop it like below:
    ClientContext ctx = new ClientContext(“http://foo&#8221;);
    //get the groups
    GroupCollection grps = ctx.Web.SiteGroups;
    //load up the group info
    ctx.Load(grps);
    //execute the query
    ctx.ExecuteQuery();
    // enumerate
    foreach (Group grp in grps)
    // do something with each group
    More information:
    Using the SharePoint 2010 Client Object Model
    How to: Work with Users and Groups
    Thanks
    Best Regards
    TechNet Community Support
    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact
    [email protected]

  • CRM Security Design Concepts

    Hello Gurus,
    My Client is in a process of CRM implementation, as a security consultant , I am gathering the data from the business for CRM Role Design.
    Can Anybody share their design methodology in CRM Security.
    Best practices..
    Thanks in Advance
    -Thanks
    Sam

    Hi Sam,
    In CRM CIC, mostly users will be accessing the CRM system via Web client. Generally an ECC or R/3 system would exist as the backend. In CRM 2007/7.0, there is a concept of Business roles (BR) & PFCG roles as described in my earlier post.
    Every end user in the CRM would be assigned a Business role. Business role is created by CRM Functional Consultant & is assigned at Oranizational model/level via transaction PPOMA_CRM and corresponding PFCG role would be assigned via transaction PFCG
    To create the Business role, matrix for the same would be provided by some Business Consultant in your Project. That will describe the kind of access would be given to the end-user-meaning: Work Centers, Navigational links, logical links etc. You then need to create the corresponding PFCG role for a Business role. If your Organizational model is in such a way that only one Business role is created & assigned to all users, then you need to create several PFCG roles & you need restrict access based on the requirement in these roles. Else if there are several Business roles, then mostly Business roles will take care on the access restriction, then you may need to have only one PFCG role - it depends on how the Organizational model is set up & depends on whether the maintenance burden is on the Functional Team or Security Team
    Also if ECC is your backend system, roles need to be created for ECC also & they would be mapped with CRM roles as all backend work will be done in ECC system, so role matrix of both systems need to be mapped by the Business Consultant in your Project, you would then create roles for CRM & ECC system

  • [svn:fx-trunk] 10143: Library definitions weren' t resolveable if the owning document lived in package other than the root.

    Revision: 10143
    Author:   [email protected]
    Date:     2009-09-10 18:32:54 -0700 (Thu, 10 Sep 2009)
    Log Message:
    Library definitions weren't resolveable if the owning document lived in package other than the root.
    QE notes: None
    Doc notes: None
    Bugs: SDK-22082
    Reviewer: Paul
    Tests run: Checkin
    Is noteworthy for integration: No
    Ticket Links:
        http://bugs.adobe.com/jira/browse/SDK-22082
    Modified Paths:
        flex/sdk/trunk/modules/compiler/src/java/flex2/compiler/mxml/InterfaceCompiler.java

    Remember that Arch Arm is a different distribution, but we try to bend the rules and provide limited support for them.  This may or may not be unique to Arch Arm, so you might try asking on their forums as well.

  • Seriously Adobe - by default you lock me out of my own document I just created??

    I need help!  So I am NOT new to Acrobat Pro - I have been using it since version 7 - but I am new to the new XI version and the whole creative coud thing and am a little ticked off at the moment... here's what's going on...
    I made a form yesterday.  Used to doing that in Acrobat pro but now it opens 'forms central'... okay, no problem, got used to it, liked the interfaced, worked great through creating my form fields and layout.  Nice.  Wanted to see what the doc would look like as a pdf that someone would actually fill so I saved it as a pdf and also printed it out so I could edit in paper in hand as I find I catch more errors that way.  So now today I go to open the form and make some corrections in my fields add something here delete something there, and I can not open the form for editing.  It tells me I can't do that.  So...Adobe you're telling me that I cannot edit my own form that I created just yesterday....  you're telling me that your default settings are to secure the document without any prompting so that it is locked for editing, even to the person who MADE it?   Seriously??  Am I missing something here?  I must be.   I do know how to go to tools then forms then eidt, but it is saying I am locked out of editing it... but I MADE it.  And I wasn't prompted to enter any security settings at all when I saved the pdf in the first place and did not manually make any settings, which I am fmailiar with from version 9.  So now... Do I have to open or log into Forms Central again to be able to open the document I created myself for my business and saved on my computer?  What is going on???????  I don't even know how to 'login' or 'launch' forms central - it is not even an app listed under the apps in my creative cloud login, so how to I get there, other than opening a new document, which is not what I want to do.  I want to edit the form I already made.  Somebody help!  this can't be a dead end. 
    What is wrong here?
    Thanks,
    Lee

    No, Nancy, I'm sorry it wasn't.  I was able to login to formscentral but under 'myforms' nothing is there.
    I just want to make a form in acrobat.  I never asked for 'forms central' in the first place, it just took me there.  And now it seems liek they are just trying to sell upgrades to additional features.  I am very unhappy with how Adobe has made the simple use of a product into something requiring multiple logins and web access and difficulty just saving and opening a document.  Very frustrating.  And I am paying MORE than I used to for CC now rather than just the Adobe Acrobat pro download.

Maybe you are looking for

  • Why doesn't my iPad update work?

    When i download the new update, which takes like 10 minutes, it fully downloads but then says there was an error due to an interruption with the network connection. My network is for sure connected to my iPad but no matter how many times i try to re-

  • Can't print more than 75 reports... Load report failed

    Hi, I have a problem: I can't print more than 75 reports without restarting my application. I'm using VB, Visual Studio 2005 and Crystal Reports Developer XI Release 2. It's a windows application. In the following examples I'm exporting to pdf but th

  • BOM to PDF

    Hi, I am playing with Adboe to see if there is a way to autocreate a BOM (Bill of Materials) parts structure complete with 2D drawings.  This is a typical Engineering application i.e., you have a Bill of Materials with assemblies and parts, the parts

  • My text icon shows I have two messages but I can't see them?

    Hello I have been notified that I have two texts, however I can't see them? Can you help

  • Is it possible to use HTTP GET navigation links?

    Hi, I'm learing JSF technology, I found it very powerful. But I'm not able to understand how generate navigation links that use HTTP GET method. Do anyone Help me? It seems impossilbe, but I don't want believe that it is true. Building a web site usi