GRC 10.1 Business role and HR Trigger

Similar Messages

• Business Role and PFCG Role

  Hi all,
      I am new to CRM 7.0 Can someone explain  What is a Business Role in CRM 7.0 and what is the relationship between Business role and PFCG role. What is the transaction Code to create a Business role.
     And also I heard that there is no PCUI in CRM 7.0. Is it true and if so what is used in place of the PCUI
  Thanks.
  Neha.

  Neha,
  Next time please do a search in this forum on business roles, and you would find many topics discussing this information more completely.  I'm locking this thread due to it fact that this question has been asked many times before by many different people.
  These threads explain the topic in more detail:
  Re: Reg: Business Role
  Assignment pfcg-role to user and assignment pfcg-role to business role
  Thank you,
  Stephen

• Table that stores the business role and user id mapping

  Hi,
  i want to know the table that stores the Business role and the business role and user id mapping in CRM system.
  Thanks in Advance.
  Regards,
  Pricy

  Hi Mary,
  There is no direct table but there is a way to find it.
  HRP1263 is the table where business roles are stored when maintained at org level. These are stored against the Position.
  For getting user ID and position linkage refer table HRP1001.
  In HRP1001 table use below criteria to get the User and Position.
  OTYPE = CP
  SCLAS = US
  SOBID = User ID
  ENDDA = 31.12.9999
  Get the OBJID
  Query the HRP1001 table again with following
  OTYPE = CP
  OBJID = OBJID from above Query
  ENDDA = 31.12.9999
  SCLAS = S
  SOBID = Thats Position.
  Pass the position to HRP1263 as below.
  OTYPE = S
  OBJID = POSITION
  PROFILE - Thats business role assigned for the given position and user.
  Hope this is helpful.
  Regards,
  Naresh

• Displaying business role and organization unit info in context area

  Hi gurus,
  I want to bring the business role and organizational unit details with which the user has loogged in the web UI in context area.
  Other idea may me next to the logo. Below is the example how it should look like
  Logged on as: Business role/Organization unit details
  Can anybody please help.
  Regards
  Yogesh

  Hi
  The following link provides required solution.
  https://wiki.sdn.sap.com/wiki/display/CRM/WelcomeUserMessageinWeb+UI
  Paparao

• Which table stores relationship of business roles and its associated roles.

  Hi,
  I want to know the table that stores the relationship between a Business role and its associated roles.
  Please note that i am aware of the table GRACBUSROLESNAP that stores the business role relationship corresponding to a request id and this is not what i am looking for.
  I want to know the table which stores the definition for business role.
  Thanks & Regards,
  Khush Bafna.

  Hi Khush,
  I think table GRACROLERELAT is used to store business role definition.
  Best Regards,
  Aman

• Business Roles and Tasks

  Hi experts,
  We´re involved in a SAP CRM implementation. We´d need to know if it´s possible to link Transaction Types with a Business Role. This is, when the user goes to create a new task, a window pops up with all tasks: is it possible to limit Tasks by Business Role? Maybe there´s a customizing point where you can define, by business role, the availabe tasks for that business role.
  Thanks in advance.
  Javier

  Hi Javier,
  As far as I understand you want to restrict transaction types per business role.
  You can achieve this by customizing. You can create a transaction profile in customizing for each business role and assign the transaction types you have created to this transaction profile.You can find this customizing activity in spro transaction.
  Then you can assign transaction profile you have created to your business roile by assigning function profile 'transaction profile' to the business role in crmc_ui_profile tcode.
  In this way when you login with the business role the transactions you have maintained in transaction profile will only be shown up in the pop up.
  I hope this helps yiour requirement. Let me know if you require any further information. Thanks.
  Regards
  Yogesh

• CRM Architecture: relations between business roles and transaction

  Hello Experts!
  I am dwelling on the topic of the relations between Business Roles, Transactions, Transaction Types etc. Do you know if there is any architectual diagram to make clear how these objects are related, and how they depend on each other?
  Thank you for help!
  Karolina

  Hi Javier,
  As far as I understand you want to restrict transaction types per business role.
  You can achieve this by customizing. You can create a transaction profile in customizing for each business role and assign the transaction types you have created to this transaction profile.You can find this customizing activity in spro transaction.
  Then you can assign transaction profile you have created to your business roile by assigning function profile 'transaction profile' to the business role in crmc_ui_profile tcode.
  In this way when you login with the business role the transactions you have maintained in transaction profile will only be shown up in the pop up.
  I hope this helps yiour requirement. Let me know if you require any further information. Thanks.
  Regards
  Yogesh

• Multiple business roles and org data determination

  Hello together,
  we are having an issue with the organizational data determination. Some users have multiple business roles in different sales organizsations. This means, they are assigned to several units in our org modell.
  This users can select the business role after the login screen. But this selection doesn't affect the org data determination (rule: ORGMAN_12).
  For example. My user is assigned to 4 different org units. After the login i select a role. In debugging i can see this role, but the system selects only the first role and not the role i've selected after the login.
  Is there any other rule which follows the select business role? Or can i assign one user only to one unit?
  Best regards
  Sascha

  Thanks for your reply!
  The problem is, that i need exactly the org unit according to the selected business role at the beginning. Because we have in one company different distribution channel (e.g. 10, 20, 30). And depending on this the user can create an business partner in 10, 20 or 30. So, in our case we have some users assigned to 10 AND 20 AND 30. For each channel we have one role.
  Our org modell looks like this:
  company XYZ
  --channel 10 ( role 'salespro10')
  mustermann-m
  --channel 20 ( role 'salespro20')
  mustermann-m
  --channel 30 ( role 'salespro30')
  mustermann-m
  If the user mustermann-m select salespro10 he should be able to create a business partner in channel 10. And if the user select the salespro20 he should be able to create the bp in channel20.
  But if you use the RH_STRUC_GET i get ALL assigment.
  Best regards,
  Sascha

• Link to Business Role and User Account

  How to link an user account with a business role so that the user account can work with the new UI?

  Hi,
  Go to transaction PPOMA_CRM. Search for your business role say SALESPRO in the Position Search.Double click on the role so that its details are visible on the right hand side.Then search for your user from the user search.When it comes in the left side bottom, drag and drop it to the position on the right side.
  Regards,
  Rohit

• Business role and user defenitions

  Hello,
  What is the difference between a business role definition and the user definition?

  Hi,
    User will maintain in SU01 tcode.
  Under Owned Users, the Catalog Manager displays the users for which you have owner rights. SQL Studio allows you to view information about these users, and rename and delete users.
  ·        To display information about a user, select the user name, choose Catalog Manager ® Open Object Definition.
  ·        To change a user name, select it and choose Catalog Manager ®Rename Object.
  ·        To delete a user, select the user name, and choose Catalog Manager® Drop Object.
  Business roles are any one like vendors, customers , competetors etc.
  All the roles will maintain under Businss partner level. If you want to see the roles go to BUT100 table.
  Regards
  Srinu

• Automatic Creation of Roles and Role Mappings in GRC

  Hi,
  we are planning to use SAP Identity Management and SAP GRC Access Management.
  In SAP IDM we have defined several business roles that contain privilieges in SAP systems. When a user is requesting a role, the request will first be sent to SAP GRC for approval and risk checking.
  In order to get this to work, we need to load the business roles of SAP IDM into SAP GRC and we also need to configure the role mapping between the business roles and the technical SAP privileges.
  From what I understood, this could be implemented by loading the required information via Excel filles into SAP IDM.However, this is a quite cumbersome and error-rpone approach an we would like to automate this.
  Is there a way to use e.g. web service calls to create/delete roles and role mappings in SAP GRC?
  BTW: is a documentation of all available GRC web service calls and their parameters available?
  Thanks for your help in advance!
  Best regards
  Tom

  Hi Tom,
  as stated before, the web service description is in the config guide.
  Unfortunately there is no web service to create roles or even mappings in CUP - this is one of many I would also like to se created
  I don't think in your context you will be able to directly send Business Roles to CUP. The role mapping only happens after you send the request, so I'm not sure if that's in time for risk analysis - you will need to try that.
  Are you a customer or a consultant - anyway, feel free to contact me if you need further help integrating CUP and IdM. This is an evolving interface with many possible scenarios, so it's not easy to give you good advise without seeing the full picture.
  Frank.

• IDM GRC Business Role managment

  Hi experts,
  We integrated SAP IDM with GRC,
  Now our requirement is creating a business in IDM/GRC, request for business role is raised for IDM and approved by role owner in GRC after risk analysis.
  But SAP said business roles and portal groups are not supported between the systems.
  Kindly suggest how to accomplish this.
  Regards,
  Jaya

  Hi Jaya,
  Yes I remember this is possible. You can setup a customize attribute in GRC privileges. And put the business role name into this attribute.
  Try this URL, but perhaps your GRC consultant should read it instead of you.
  http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/d0e2c628-2690-2e10-0d82-dbf1931db2cd?QuickLink=index&overridelayout=true&51565377381172
  After creating the attribute, you need to revise the GRC framework to include this attribute (business role name) in your request.
  I don't have a working IDM system (with GRC integration) with me. I could not provide you more details.
  Cheers,
  Chenyang Xiong

• Multiple PFCG Roles to a user and one business role

  Hello SAP CRM Experts,
  we are facing a problem then I need your help.
  The external user can access the CRM through three distinct business roles.
  However, for each of these business roles, there are specific access
  rules configured in three different PFCG profiles.
  In the registration of the user (SU01), are assigned the three profiles
  PFCG because the user must have access to three different business roles.
  However, for one of the profiles the ability to modify the document
  service order is blocked and for the other is allowed to modify this
  document.
  Is there a customizing where I can associate the PFCG role to the
  business role, and then, when the user logs into the system, it
  identified the business role that he accessed the PFCG profile associated.
  However, this configuration is not working, and did not solve the problem.
  It seems to me that there is a merge of all the permissions that the user
  has, and is not being considered the PFCG role associated with the
  specific business role.
  This is really correct? The merge permissions occurs?
  Best regards,
  Diogo Lupinari

  Yes, thatu2019s correct.  When user is assigned multiple PFCG roles, all authorizations are in play.

• Pfcg and business roles

  hi all,
  we have the requirement where we have to create 4 businessroles and out of 4 a manager  rolerequires authrization for all 4and customer rep requires authrization . for 3
  how to achieve that?
  i have crated 4 pfcg id s for 4 roles and assigned it to a business role(manager) which is copied from the standard.
  since manager requires 4 roles i  created 4 manager roles and assigned 4 pfcg ids
  is this the correct approach?
  please help out as i was new to crm 2007
  thanks
  madhuri

  The business role is user for customazion of web ui screens, while authorization roles are used for security reasons. So you need 4 business roles only if you need to maintan 4 different types of screens. If not, use just one.
  On the other hand I guess you need 4 authorization roles because you want to give 4 different types of authorizations to users.
  So, if you need just one type of screen, create one business role and assign it to users simply by using parameter CRM_UI_PROFILE. and authorization role assign via pfcg.
  But if you need 4 b roles and 4 a roles that are always in corelation 1:1 then you can do it also as you wrote.

• SAP Business Roles

  Hi,
  Has anyone ever worked with business roles. I am new to the OCM side having worked on the security side for many years. I am working on a project developing business roles and needed more details on how business roles link to security roles?

  Thanks Matt,
  I think get I the picture now
  One thing that I am still not sure about is how the sap abap technical roles or profiles are provisioned through workflow
  Here is what Ive done so far
  1. HCM data loaded into productive identity store via vds
  2. Did an initial load of the abap system into the productive identity store (now the technical roles and profiles are loaded as privileges in the idstore)
  3. Through workflow I select a user that already has an abap account and assign that user some additional sap technical roles, for e.g. sap_all and sap_new. The corresponding privileges for these roles are namely PRIV:PROFILE:ECX:SAP_ALL and PRIV:PROFILE:ECX:SAP_NEW .
  4. For the provisioning to occur so that these new privileges are reflected in the ABAP system for this user, I have used the setABAPRole&ProfileForUser task from sap provisioning framework folder and set it as the add/mod/del  event task for the MXREF_MX_PRIVILEGE attribute. That way whenever a privilege is added to a user account the setABAPRole&ProfileForUser task will run and the sap_all and sap_new profiles will be added in the backend. This way I can avoid setting a provisioning task for each abap privilege that gets loaded.
  But it should be obvious now that there is a flaw with this kind of setup, because all non abap privileges that get added or removed will trigger the setABAPRole&ProfileForUser task anyway because the privileges use the same attribute i.e.MXREF_MX_PRIVILEGE. So it brings me to the question how do you provision abap technical roles or profiles through workflow without setting a provisioning task for each abap related privilege.
  Thanks again for all your help!
  Leo