Region based authorization for user in CRM

hi
In our project, there is a requirement that CRM users should be able to access master & transactional data related to a region for which they are responsible.
I was told that it can be achieved using PPOMA. I have defined org units for region and assigned positions to it. But I don't know how to proceed further.
Please help me in resolving this.
thanx & regards
hits

i'm fairly sure that solely using PPOMA/E will not do the trick. what you can do there is implement the structure of your organization and attach roles to either org units or positions. after that you attach users to the positions so that they will have the access to the authorizations that stick to that position. additionally you might want to put some roles to the org units to establish an inheritance from org unit to position to user. this is very nice for the 'overall' basis role everybody needs.
but now for your question. the elements that represent your 'regions' must be someplace in the role - preferably in the organizational levels of that role - like say: a plant or purchasing group or sales unit or such - the relation from that organization level to the user will be drawn manually by your attaching the role to a position (or org unit). the emphasis here is with 'manually' - so you do it.
so. this all goes for ERP, but not necessarily for CRM. since i know next to naught about CRM it might be different there but i very much doubt it, since you could ALE-distribute your users/org-scheme to - say: a CRM system belonging as a child to a CUA so necessarily it would have to follow the same structure. mind you: i might be wrong ...

Similar Messages

  • How to Control authorization for users with certain status for level 2 WBS Element

    Dear All,
    Is there any standard way or enhancement available to control authorization for users with certain status for WBS Element i.e. for example
    Pre-requisite:
    There is only 2 level of project i.e.
    Lev  WBSE          Description
    1    7-14.E        summary outage controller
    2    7-14.E.2310   Plant/unit # 2310
    2    7-14.E.2310   Plant/unit # 2220
    Project Controller  (authorization role assigned "Z_PS_OP7_OTGCON_C") have all project level authorization
    Plant/Unit Controller (authorization role assigned "Z_PS_OP7_PLNTOTG_C_2310") have only level 2 authorization with enhancement that we did in system by Z table.
    User ID  Plant #
    123345   2310
    122455   2220
    Issue:
    After System Status released and User Status approved the WBS basic date for Plant/Units should be restricted from updating/changing by Plant/Unit Controller level and only project controller should have this authority.
    Solution required: 
    Can any one tell how to control this scenario either by standard or enhancement available to control authorization
    BR
    Saqib Usman   

    Hi,
    Did you explore SAP Enhancement CNEX0002 Using Transaction CMOD?
    Thank you and regards,
    Varshal Kachole

  • Maintenance of Authorization for transactions in CRM 5.0.

    Hi Experts.
    We are using CRM 5.0 with PCUI.
    The business requirement is to maintain authorization for own transactions. The users who are involved in transactions should only be authorized to open & see the transactions. Other users who are not involved in partner functions like "Assigned to" & "Account responsible" should not be able to open & see the transactions like Activity, Lead, Opportunity, Sales orders & Service orders. System should give an error message saying no authorizations.
    We tried with below authorization objects to achieve this
    - CRM_ORD_OP (your own documents)
    - CRM_ORD_LP (organization levels)
    - CRM_ORD_PR (transaction type)
    - CRM_ORD_OE (sales area/service Org).
    - CRM_ORD_RL
    - CRM_ORD_RS
    But still the system allows opening transactions belonging to others.
    Is there any alternative to control this?
    Helpful answers would be rewarded max points.
    Thanks in Advance.
    Regards,
    Basavaraj Patil

    Hello
    in order to check authority object CRM_ORD_OE, CRM_ORD_OP and CRM_ORD_LP must not give authority. Please see online documentation for detailed information:
    http://help.sap.com/saphelp_crm40/helpdata/en/e9/b29a39e7aee372e10000000a11402f/frameset.htm
    Under the chapter 'Process Flow of Authorization Check in Business Transactions' you will find detailed explanations.
    I hope that I could be of help with that information. 
    Gerhard

  • How many ways we can create authorization for user groups in sap query reports

    Hi Gurus, I am getting a problem when I am assigning users to a user group in an SAP query report. Users other than those created in the user groups are also able to add & change the users. So please suggest how to restrict users outside of the user group.
    Please send me any suggestions and useful threads you have.
    Thank You,
    Suneel Kumar.

    I don't think it can be done. According to the link below 'Users who have authorization for the authorization object S_QUERY with both the values Change and Maintain, can access all queries of all user groups without being explicitly entered in each user group.'
    http://help.sap.com/saphelp_46c/helpdata/en/d2/cb3f89455611d189710000e8322d00/content.htm
    Although I think you can add code to your infoset and maybe restrict according to authority group, i.e.:
    Use AUTHORITY-CHECK to restrict access to the database based on user.
    Press F1 on AUTHORITY-CHECK to find out how to use it in the code

  • Defining Authorizations for User to restrict the data in report.

    Hi Gurus,
    I have no idea on authorization concept in BI. Please give me anyone steps to creating authorization objects, roles and profiles to restrict the data for users.
    Ex.
    i have functional location info object checked as authorization relevant with below data.
    FL001
    FL002
    FL003
    FL004
    FL005
    FL006
    FL007
    FL008
    FL009
    We have users like below.
    User1
    User2
    User3
    Now, if User1 is analysing a report he can see only FL001, FL005, FL009; the remaining have to be omitted.
    If User2 is analysing that report he can see only FL002, FL003, FL009. And likewise.
    So, please help me by providing the complete steps. I have done something but failed.
    Thanks in advance
    Peter.

    Hello Peter,
    Please go through the following links
    Authorization :
    http://help.sap.com/saphelp_nw70/helpdata/en/59/fd8b41b5b3b45fe10000000a1550b0/frameset.htm
    SAP Authorization Concept :
    http://help.sap.com/saphelp_nw70/helpdata/en/52/671285439b11d1896f0000e8322d00/frameset.htm
    Thanks.
    With regards,
    Anand Kumar

  • Authorizations for user db2 sid after systemcopy  with DB2 V9.7 on AIX

    Hello,
    I made a homogenous systemcopy from the system PRD to ENT with a redirected restore. I had the following system environment:
    AIX 5.3 TL10 SP1
    DB2 V9.7 (without any fixpack)
    After the restore and the recovery were finished, I was able to start the database manager and to activate the database.
    I tried to execute a script for cleanup some tables according to the systemcopy guide but I got the following SQL messages:
    SQL0551N, SQL0552N for the user db2ent. I checked the authorization for this user and got the following information:
    db2 => get authorizations
    Administrative Authorizations for Current User
    Direct SYSADM authority                    = NO
    Direct SYSCTRL authority                   = NO
    Direct SYSMAINT authority                  = NO
    Direct DBADM authority                     = NO
    Direct CREATETAB authority                 = NO
    Direct BINDADD authority                   = NO
    Direct CONNECT authority                   = NO
    Direct CREATE_NOT_FENC authority           = NO
    Direct IMPLICIT_SCHEMA authority           = NO
    Direct LOAD authority                      = NO
    Direct QUIESCE_CONNECT authority           = NO
    Direct CREATE_EXTERNAL_ROUTINE authority   = NO
    Direct SYSMON authority                    = NO
    Indirect SYSADM authority                  = YES
    Indirect SYSCTRL authority                 = NO
    Indirect SYSMAINT authority                = NO
    Indirect DBADM authority                   = NO
    Indirect CREATETAB authority               = NO
    Indirect BINDADD authority                 = NO
    Indirect CONNECT authority                 = NO
    Indirect CREATE_NOT_FENC authority         = NO
    Indirect IMPLICIT_SCHEMA authority         = NO
    Indirect LOAD authority                    = NO
    Indirect QUIESCE_CONNECT authority         = NO
    Indirect CREATE_EXTERNAL_ROUTINE authority = NO
    Indirect SYSMON authority                  = NO
    db2 =>
    The user db2ent was/is in the group dbentadm and the group dbentadm is configured as SYSADM:
    SYSADM group name                        (SYSADM_GROUP) = DBENTADM
    SYSCTRL group name                      (SYSCTRL_GROUP) = DBENTCTL
    SYSMAINT group name                    (SYSMAINT_GROUP) = DBENTMNT
    The only solution was to grant the authorizations with another user to db2ent.
    For the restore I created a new instance with the following command (as user root):
    /db2/ENT/db2_software/instance/db2icrt -a SERVER_ENCRYPT -s ESE -u db2ent db2ent
    I set the correct DBM configuration and created an empty database as user db2ent with the following command
    db2 create db ENT on /db2/ENT
    The restore was executed with db2 -tvf restore_prd.clp as user db2ent.
    Is there a bug in the db2 software or is there any other solution? I did not change the environment for the user db2ent.
    The authorization concept has been changed in DB2 V9.7
    http://www-01.ibm.com/support/docview.wss?uid=swg21385801
    Kind regards,
    Christian

    Hello All,
    I finished restore using redirect method, but i did not know about this security issue.
    Now I tried creating db2<oldsid> user and tried granting dbadm secadm priv.
    but i get this error
    db2 => GRANT DBADM to USER DB2P60
    DB21034E  The command was processed as an SQL statement because it was not a
    valid Command Line Processor command.  During SQL processing it returned:
    SQL0707N  The name "DBADM" cannot be used because the specified identifier is
    reserved for system use.  SQLSTATE=42939
    Please help me.
    I need a solution at the earliest possible.
    Thanks,
    Sree
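
Added example, not part of either post above and not IBM or SAP sample code: the documented GRANT form for a database authority includes ON DATABASE, which the statement quoted in the reply lacks. The sketch assumes the DB2 command line processor and a connection that already holds SECADM on the restored database; `secadm_holder` is a hypothetical user name, while ENT and db2ent are taken from the thread.

```sql
-- Added example; run in the DB2 CLP, e.g. db2 -tvf <file> (statements end with ';').
-- secadm_holder is a hypothetical authid assumed to hold SECADM on the
-- restored database ENT already (an assumption, not stated in the thread).
CONNECT TO ENT USER secadm_holder;

-- Database authorities are granted ON DATABASE.
-- "GRANT <name> TO USER ..." without that clause is the role-grant form,
-- so DBADM would be read as a role name.
GRANT DBADM ON DATABASE TO USER db2ent;
GRANT SECADM ON DATABASE TO USER db2ent;

-- Check what db2ent now holds directly in this database.
SELECT grantee, granteetype, dbadmauth, securityadmauth,
       dataaccessauth, accessctrlauth
FROM syscat.dbauth
WHERE grantee = 'DB2ENT';

CONNECT RESET;
```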

  • Authorization for User to Jump the Query

    Hi,
    The user1 (log is not generating for this user in RSSM) cannot use the jump target in the reports which have been placed under a role, whereas the other user2 (log is able to generate for this user in RSSM) is able to jump target in the reports in SAP BI.
    I need to give the proper authorization to user1 same like user2.
    How can I solve this issue.
    Thanks in advance.
    Regards,
    Ravi Sankar

    I don't understand what you mean with "(log is able to generate for this user in RSSM)"
    In RSSM you can create authorization objects....
    If you want to give some authorizations for a specific query you must check the SU53 in order to see the objects that you need to add to the user's profile.....
    The procedure is.......give the user the Query link in order to open the query....and obviously that action gives you an authorization error.....then enter the SU53 and this transaction shows you the authorization object you need to add to the profile.....
    I hope this helps
    Regards

  • Authorizations For User Defined Forms

    Hi Experts !!!
    I have created a user form, and would like to apply authorization for that user form.
    Is it possible? I tried using the standard method, but it seems that no such provision is available.
    And also I have created a UDT, and would like to provide series for that UDT. My client wants that particular UDT should be by 2 different users, and they need Series for that.
    Suggestions are appreciated
    Regards
    Krishna Vamsi

    Hi,
    You can give authorizations to your customized (user developed) screens.
    Administration --> System Initialization --> Authorizations --> Additional Authorization Creator
    On the right hand side you can find the structure.
    By default the XL Reporter authorization will be there; select any one and click the add same level button at the bottom of the screen.
    Then in Right hand Side
    Authorization ID - give some unique id
    Name --> Description of Authorization
    In Option --> Select Full/read/None
    Item --> Tick as Item
    Then Come down you can find big text box, near to that you can find edit button, just click that it will open a popup window.
    In that window you please enter the Form Id of your user form
    to find the form id --> Just Enable the system information menu in menu bar and move the cursor to any item in your user screen, you can find the form id.
    Just type that form id in that pop up box.
    then Add the window.
    now Open the General Authorization.
    There in last row you can find the user authorization. just expand that you can find your authorization id and name there which you have created.
    Give your authorization there.
    That's it.
    There is no need for SDK Development for Authorization.

  • Authorizations for users to change their own data

    Hi
    All the employees are given the userids to log on to SAP. When these employees log on to SAP with the particular userids, they should be able to change/display only the details pertaining to them, not others.
    We have not implemented ESS; this is in the pipeline, but only after 3-4 months. But authorizations are required for users now only.
    How to design role which should apply to all user requirements and they should get their Personnel no by default
    Kind Regards
    Vinod

    Hi,
       For your requirement goto transaction SU21 and select the object P_PERNR and click DOCUMENTATION. Refer the Documentation for the steps to be followed.
    (i.e.) For a user to be able to maintain his or her own data, you should assign the user an authorization for the HR: Master data - Personnel number check object (P_PERNR), with the following specifications:
    1. Authorization level:  *               
    2. Interpretation of assignment
       User - personnel no:  I  
    3. Infotype           :  0002
    4. Subtype            :  *
    A related link http://www.sapfans.com/forums/viewtopic.php?p=502235&sid=cd1bde22eb24059e4d5a2eae086b7c96

  • Authorization for user to release a PRQ

    Hi,
    I would enable in SU01 the authorization so that only users allowed to release PRQ can do this
    What is the authorization to add in SU01 for PRQ ?
    Thanks
    Best Regards

    - create a role (approver role) with Tcode ME55 (collective release) and ME54N (individual release) if it's only for PR; if you want for PO, add ME28 (collective release) and ME29N (individual release).
    - when you create the role in PFCG, you can also see the authorization objects when you add the TCODES, so you can restrict even for plant level or purchase organization level.
    - In PFCG, assign the specified users to the role and also "check and compare users"
    Now authorization for approval is restricted

  • Authorization for user on WF

    HI All ,
    I am using WF for invoice and I want that during the process the user will
    assign it to other user .
    my question is how it work with authorization i.e. if user 1 get the WF and send it to user
    2 that don't have any authorization to display the invoice .
    does it work or does it fail because the user doesn't have authorization?
    one more thing does the user need to have authorization for WF besides the business authorization
    for invoice ?
    Regards
    Alex

    Yes, even as an end user you should have enough roles to receive and process the workitems, apart from the respective business process authorizations. As the workitems are a part of Org. management you should have the right authorizations.
    Please refer to the SAP Help documentation: http://help.sap.com/saphelp_nw04/helpdata/en/8c/1923d1932b11d2a5ea0060087a79ea/frameset.htm

  • Authorization for user

    Hi ,
    The minimum authorization for the Sales user in Sales Department..

    Neetu,
    Your question at least needs to be: If I would like our Sales user in Sales Department can do their job, what will be their least authorization?
    Am I right for your puzzle?
    If it is true then there is no minimum you can define.  No company has exactly the same process.  You have to articulate what your Sales users need.
    Thanks,
    Gordon

  • Authorization for User Creation for Admin user

    Dear All,
    We have Cronacle 6.0.2.
    We have a requirement wherein we want to create an admin user with all access to Redwood (in order to avoid using SYSJCS). We have created an admin role with which our criteria is almost met. After assigning this admin role to our newly created admin user, everything works except user & role authorization. I am not able to create, delete or alter any user or role with this user.
    I have seen that we have the oracle system privileges related to user and role authorization (create user, alter role, etc), but when we are trying to assign the same to the admin user, it's not allowing us to do so. We have tried the assignment using sysjcs from both RWE and from the shell using the SYSJCS, RSI users.
    How can I achieve this? with which user?
    Any pointers on this would be highly appreciated.
    Thanks in advance for your help.
    Warm Regards
    Rajeet

    Hi Rajeet,
    This is because SYSJCS has the privileges to create users and roles in the database, but not the right to actually give out these privileges to other users.
    For that, you need a user with the DBA role in the database, or with the "create user" and "create role" privileges "with admin option". A user with the admin option on a privilege can hand out this privilege to other users.
    If you don't have any own users with these privileges yet, the SYSTEM user will work as well.
    Regards,
    Anton.

  • No RFC Authorization for user

    Hi
    I am trying to develop a report, with screen painter, using 4.6c version.
    When I click on Layout editor, it doesn't show the screen from where I can drag and drop......and gives the message No RFC authorization for user.
    I haven't worked on 4.6c. Do I need to be authorized or does 4.6c not have this facility.....please help
    thanking in advance
    cheers
    AJ

    Hi,
      it might be that the network guys have blocked specific ports that the screen painter uses to connect your SAP GUI to the SAP. "Please contact your system administrator"!! BASIS and then network/firewall guys. Also, install latest SAP GUI and patch.
    Reward please if helpful.
    Regards,
    George

  • User based Authorization for Documents

    Hi All,
    Is it possible to have following scenario?
    1)
    There is a folder A. Inside this folder there is a file abc.txt & xyz.txt.
    Now User 1 & User 2 both has access to folder A.
    User 1 can read / download the file abc.txt & xyz.txt
    User 2 can see only the name of the file inside this folder, but he can't download this file. And he can read / download xyz.txt file.
    And instead of user can it be given role based also???
    Like abc.txt can be downloaded only by R&D role and not any other users.
    The main purpose of this feature is to let user know there is a document stored in a particular folder but he can only see the name of this document.
    Regards,
    Purav

    Hi Jitendar,
    From permission we can do only read, write, read & write, Full control, that's it.
    See the scenario I have given.
    User2 can't even read the file, he can only see the name of that file.
    I have seen the KM Permission link http://help.sap.com/saphelp_nw04/helpdata/en/4c/9d953fc405330ee10000000a114084/frameset.htm
    but still couldn't find the solution to my scenario.
    Regards,
    Purav
