Region based authorization for user in crm
hi
In our project, there is a requirement that CRM users should be able to access master & transactional data related to a region for which they are responsible.
I was told that it can be achieved using PPOMA. I have defined org units for region and assigned positions to it. But I don't know how to proceed further.
Please help me in resolving this.
thanx & regards
hits
i'm fairly sure that solely using PPOMA/E will not do the trick. what you can do there is implement the structure of your organization and attach roles to either org units or positions. after that you attach users to the positions so that they will have the access to the authorizations that stick to that position. additionally you might want to put some roles to the org units to establish an interitance from org unit to position to user. this is very nice for the 'overall' basis role everybody needs.
but now for your question. the elements that represent your 'regions' must be someplace in the role - preferably in the organizational levels of that role - like say: a plant or purchasing group or sales unit or such - the relation from that organization level to the user will be drawn manually by your attaching the role to a position (or org unit). the emphasis here is with 'manually' - so you do it.
so. this all goes for ERP, but not necessarily for CRM. since i know next to naught about CRM it might be different there but i very much doubt it, since you could ALE-distribute your users/org-scheme to - say: a CRM system belonging as a child to a CUA so necessarily it would have to follow the same structure. mind you: i might be wrong ...
Similar Messages
-
How to Control authorization for users with certain status for level 2 WBS Element
Dear All,
Is there any standard way or enhancement available to control authorization for users with certain status for WBS Element i.e. for example
Pre-requisite:
There is only 2 level of project i.e.
Lev_ WBSE_______Description
1___ 7-14.E_______summay outage controller
2___ 7-14.E.2310__ Plant/unit # 2310
2___ 7-14.E.2310__ Plant/unit # 2220
Project Controller (authorization role assigned "Z_PS_OP7_OTGCON_C") have all project level authorization
Plant/Unit Controller (authorization role assigned "Z_PS_OP7_PLNTOTG_C_2310") have only level 2 authorization with enhancement that we did in system by Z table.
User ID_ Plant #
123345_ 2310
122455_ 2220
Issue:
After System Status released and User Status approved the WBS basic date for Plant/Units should be restricted from updating/changing by Plant/Unit Controller level and only project controller should have this authority.
Solution required:
Can any one tell how to control this scenario either by standard or enhancement available to control authorization
BR
Saqib UsmanHi,
Did you explore SAP Enhancement CNEX0002 Using Transaction CMOD?
Thank you and regards,
Varshal Kachole
The SCN Rules of Engagement -
Maintenance of Authorization for transactions in CRM 5.0.
Hi Experts .
We are using CRM 5.0 with PCUI.
TheBusiness requirement is to maintain authorization for own transactions.the users who is involved in transactions should only be authorized to Open & see the transactions.Other users who are not involved in partner function like "Assigned to" & "Account responsible " should not be able to open & see the transactions like Activity .Lead , Opportunity ,Sales orders.& Service orders.System should give error message saying no authorizations.
We tried with below authorization objects to achieve this
CRM_ORD_OP (your own documents)
- CRM_ORD_LP (organization levels)
- CRM_ORD_PR (transaction type)
- CRM_ORD_OE (sales area/service Org).
- CRM_ORD_RL
- CRM_ORD_RS
But still system allows to open transaction belong to others.
Is there any alternative to control this.
Helpful answers would be rewarded max points.
Thanks in Advance.
Regards,
Basavaraj PatilHello
in order to check authority object CRM_ORD_OE,
CRM_ORD_OP and CRM_ORD_LP must not give authority. Please see
online documentation for detailed information:
http://help.sap.com/saphelp_crm40/helpdata/en/e9/
b29a39e7aee372e10000000a11402f/frameset.htm
Under the chapter 'Process Flow of Authorization Check in Business
Transactions' you will find detailed explanations.
I hope that I could be of help with that information.
Gerhard -
How many ways we can create authorization for user groups in sap query reports
Hi Gurus, I am getting a problem when I am assigning users to user group in sap query report .The users other than created in user groups are also able to add &change the users .So please suggest me how to restrict users outside of the user group.
Please send me if u have any suggestions and useful threads.
Thank You,
Suneel Kumar.I don't think it can be done. According to the link below 'Users who have authorization for the authorization object S_QUERY with both the values Change and Maintain, can access all queries of all user groups without being explicitly entered in each user group.'
http://help.sap.com/saphelp_46c/helpdata/en/d2/cb3f89455611d189710000e8322d00/content.htm
Although I think you can add code to your infoset and maybe restrict according to authority group, i.e.:
Use AUTHORITY-CHECK to restrict access to the database based on user.
Press F1 on AUTHORITY-CHECK to find out how to use it in the code -
Defining Authorizations for User to restrict the data in report.
Hi Gurus,
I have no idea on authorization concept in BI. Please give me anyone steps to creating authorization objects, roles and profiles to restrict the data for users.
Ex.
i have functinal location info object checked as authorization relavent with below data.
FL001
FL002
FL003
FL004
FL005
FL006
FL007
FL008
FL009
We have users like below.
User1
User2
User3
Now, if User1 is analysing a report he can see only FL001, FL005, FL009 only, remaining have to be omited.
If User2 is analysing that report he can see only FL002, FL003, FL009. And like wise.
So, Please help me providing the completed steps. I have done somting but failed.
Thanks in advance
Peter.Hello Peter,
Please go through the following links
Authorization :
http://help.sap.com/saphelp_nw70/helpdata/en/59/fd8b41b5b3b45fe10000000a1550b0/frameset.htm
SAP Authorization Concept :
http://help.sap.com/saphelp_nw70/helpdata/en/52/671285439b11d1896f0000e8322d00/frameset.htm
Thanks.
With regrads,
Anand Kumar -
Authorizations for user db2 sid after systemcopy with DB2 V9.7 on AIX
Hello,
I made a homogenous systemcopy from the system PRD to ENT with an redirected restore. I had the following system environment:
AIX 5.3 TL10 SP1
DB2 V9.7 (without any fixpack)
After the restore and the recovery were finished, I was able to start the database manager and to activate the database.
I tried to execute a script for cleanup some tables according to the systemcopy guide but I got the following SQL messages:
SQL0551N, SQL0552N for the user db2ent. I checked the authorization for this user and got the following information:
db2 => get authorizations
Administrative Authorizations for Current User
Direct SYSADM authority = NO
Direct SYSCTRL authority = NO
Direct SYSMAINT authority = NO
Direct DBADM authority = NO
Direct CREATETAB authority = NO
Direct BINDADD authority = NO
Direct CONNECT authority = NO
Direct CREATE_NOT_FENC authority = NO
Direct IMPLICIT_SCHEMA authority = NO
Direct LOAD authority = NO
Direct QUIESCE_CONNECT authority = NO
Direct CREATE_EXTERNAL_ROUTINE authority = NO
Direct SYSMON authority = NO
Indirect SYSADM authority = YES
Indirect SYSCTRL authority = NO
Indirect SYSMAINT authority = NO
Indirect DBADM authority = NO
Indirect CREATETAB authority = NO
Indirect BINDADD authority = NO
Indirect CONNECT authority = NO
Indirect CREATE_NOT_FENC authority = NO
Indirect IMPLICIT_SCHEMA authority = NO
Indirect LOAD authority = NO
Indirect QUIESCE_CONNECT authority = NO
Indirect CREATE_EXTERNAL_ROUTINE authority = NO
Indirect SYSMON authority = NO
db2 =>
The user db2ent was/is in the group dbentadm and the group dbentadm is configured as SYSADM:
SYSADM group name (SYSADM_GROUP) = DBENTADM
SYSCTRL group name (SYSCTRL_GROUP) = DBENTCTL
SYSMAINT group name (SYSMAINT_GROUP) = DBENTMNT
The only solution was to grant the authorizations with an other user to db2ent.
For the restore I created an new instance with the following command (as user root):
/db2/ENT/db2_software/instance/db2icrt -a SERVER_ENCRYPT -s ESE -u db2ent db2ent
I set the correct DBM configuration and created an empty database as user db2ent with the following command
db2 create db ENT on /db2/ENT
The restore was executed with db2 -tvf restore_prd.clp as user db2ent.
Is there a bug in the db2 software or is there any other solution? I did not changed the environment for the user db2ent.
The authorization concept has been changed in DB2 V9.7
http://www-01.ibm.com/support/docview.wss?uid=swg21385801
Kind regards,
ChristianHello All,
I finished restore using redirect method, but i did not know about this security issue.
Now I tried creating db2<oldsid> user and tried granting dbadm secadm priv.
but i get this error
db2 => GRANT DBADM to USER DB2P60
DB21034E The command was processed as an SQL statement because it was not a
valid Command Line Processor command. During SQL processing it returned:
SQL0707N The name "DBADM" cannot be used because the specified identifier is
reserved for system use. SQLSTATE=42939
Please help me.
I need a solution at the earliest possible.
Thanks,
Sree -
Authorization for User to Jump the Query
Hi,
The user1 (log is not generating for this user in RSSM) cannot use the jump target in the reports which have been placed under a role, whereas the other user2 (log is able to generate for this user in RSSM) is able to jump target in the reports in SAP BI.
I need to give the proper authorization to user1 same like user2.
How can I solve this issue.
Thanks in advance.
Regards,
Ravi SankarI dont understand what you mean with "(log is able to generate for this user in RSSM)"
In RSSM you can create authorization objects....
If you want to give some authorizations for a specific query you must check the SU53 in order to see the objects that you need to add to the users profile.....
The procedure is.......give th user the Query link in order to open the query....and obviously that action gives you an authorization error.....then enter to the SU53 and this transaction shows you the authorization object you need to add to the profile.....
I hope this helps
Regards -
Authorizations For User Defined Forms
Hi Experts !!!
I have created a user form , and would like to apply authorization for that user form.
Whether it is possible.I tried using standard method,but it seems that no such provision available ,
And also I have created UDT . and would like to provide series for that UDT . My client wants that particulat UDT should be by 2 different users .and they need Series for that .
Suggestions are appreciated
Regards
Krishna VamsiHi,
You Can give authorizations to your customized (user developed) screens.
Administration --> System Initialization --> Authorizations --> Additional Authourization Creator
In right hand side you can find the structur.
There defaultly XL reporter autorization will be there select the any one and click add same level button in bottom of the screen.
Then in Right hand Side
Authorization ID - give some unique id
Name --> Description of Authorization
In Option --> Select Full/read/None
Item --> Tick as Item
Then Come down you can find big text box, near to that you can find edit button, just click that it will open a popup window.
In that window you please enter the Form Id of your user form
to find the form id --> Just Enable the system information menu in menu bar and move the cursor to any item in your user screen, you can find the form id.
Just type that form id in that pop up box.
then Add the window.
now Open the General Authorization.
There in last row you can find the user authorization. just expand that you can find your authorization id and name there which you have created.
Give your authorization there.
thats it.
There is no need for SDK Developement for Authorization. -
Authorizations for users to change their own data
Hi
All the employees are given the userids to logon to sap when these employees log on to sap with the particular userids they should be able to change /Display only the details pertaining to them not others
We have not implemented ESS but this is in pipeline but only after 3 -4 months But Authorizations are required for users now only
How to design role which should apply to all user requirements and they should get their Personnel no by default
Kind Regards
VinodHi,
For your requirement goto transaction SU21 and select the object P_PERNR and click DOCUMENTATION. Refer the Documentation for the steps to be followed.
(i.e) For a user to be able to maitain his or her own data. You should assign the user an authorization for the HR: Master data - Personnel number check object (P_PERNR), with the following specificatons:
1. Authorization level: *
2. Interpretation of assignment
User - personnel no: I
3. Infotype : 0002
4. Subtype : *
A related link http://www.sapfans.com/forums/viewtopic.php?p=502235&sid=cd1bde22eb24059e4d5a2eae086b7c96 -
Authorization for user to release a PRQ
Hi,
I would enable in SU01 the authorization so that only users allowed to release PRQ can do this
What is the authorization to add in SU01 for PRQ ?
Thanks
Best Regards- create a role(approver role) with Tcode ME55(collective release) and ME54N(individual release) if its only for PR,if you want for PO, add ME28(collective release) and ME29N(individual release).
- when you create the role in PFCG, you can also see the authorization objects when you add the TCODES, so you can restrict even for plant level or purchase organization level.
- In PFCG, assign the specified users to the role and also "check and compare users"
Now authorization for approval is restricted -
HI All ,
I am using WF for invoice and I want that during the process the user will
assign it to other user .
my question is how it work with authorization i.e. if user 1 get the WF and send it to user
2 that don't have any authorization to display the invoice .
does it work or it fail that the user dont have authorization?
one more thing does the user need to have authorization for WF besides the business authorization
for invoice ?
Regards
AlexYes even as a end user you should haveenough roles to receive and process the workitems, aprat from the respective business process authorizations. As the workitems is a part of Org. management you should have right authorizations..
[PLease refer Sap Help Docu|http://help.sap.com/saphelp_nw04/helpdata/en/8c/1923d1932b11d2a5ea0060087a79ea/frameset.htm] -
Hi ,
The minimum authorization for the Sales user in Sales Department..Neetu,
Your question at least needs to be: If I would like our Sales user in Sales Department can do their job, what will be their least authorization?
Am I right for your puzzle?
If it is true then there is no minimum you can define. No company has exaclty the same process. You have to articulate what your Sales users need.
Thanks,
Gordon -
Authorization for User Creation for Admin user
Dear All,
We have Cronacle 6.0.2.
We have a requirement where in we want to create an admin user with all access to Redwood (in order to avoid using SYSJCS). We have and created an admin role with which our criteria is almost met. After assigning this admin role to our newly created admin user, everything work except user & role authorization. I am not able to create, delete or alter any user or role with this user.
I have seen that we have the oracle system privileges related to user and role authorization (create user, alter role, etc), but when we are trying to assign the same to the admin user, its not allowing us to do so. We have tried the assignment using sysjcs from both RWE and from the shell using the SYJCS, RSI users.
How can I achieve this? with which user?
Any pointers on this would be highly appreciated.
Thanks in advance for your help.
Warm Regards
RajeetHi Rajeet,
This is because SYSJCS has the privileges to create users and roles in the database, but not the right to actually give out these privileges to other users.
For that, you need a user with the DBA role in the database, or with the "create user" and "create role" privileges "with admin option". A user with the admin option on a privilege can hand out this privilege to other users.
If you don't have any own users with these privileges yet, the SYSTEM user will work as well.
Regards,
Anton. -
Hi
I am trying to develop a report, with screeen painter, using 4.6c version.
when i click on Layout editor , it doesnt show the screen from where I can drag and drop......and gives the message No RFC autorization for user.
I havent worked on 4.6c. do I need to be authrorized or 4.6c dont have this facility.....please help
thanking in advance
cheers
AJHi,
it might be that the network guys have blocked specific ports that the screen painter uses to connect your SAP GUI to the SAP. "Please contact your system administrator"!! BASIS and then network/firewall guys. Also, install latest SAP GUI and patch.
Reward please if helpful.
Regards,
George -
User based Authorization for Documents
Hi All,
Is it possible to have following scenario?
1)
There is a folder A. Inside this folder there is a file abc.txt & xyz.txt.
Now User 1 & User 2 both has access to folder A.
User 1 can read / download the file abc.txt & xyz.txt
User 2 can see only the name of the file inside this folder, but he cant download this file. And he can read / download xyz.txt file.
and instead of user can it be given role based also???
like abc.txt can be downloaded only by R&D role and noth any other users.
The main perpose of this feature is to let user know there is a document stored in a particular folder but he can only see the name of this document.
Regards,
PuravHi Jitendar,
From permission we can do only read, write, read & write, Full control thats it.
see the scenario I have given.
User2 cant even read the file, he can only see the name of that file.
I have seen the KM Permission link http://help.sap.com/saphelp_nw04/helpdata/en/4c/9d953fc405330ee10000000a114084/frameset.htm
but still counldnt find the solution to my scenario.
Regards,
Purav
Maybe you are looking for
-
Report for Missing qty in stock transfer
how to Create a Missing Quantity list that gives the difference between sent and received quantities during Stock transfer. and send me tables involved in that, primary keys also
-
Inserting excel doc into word or pdf doc
I'm putting together a business proposal. I'm writing it in word and will then save it as a pdf so that I can email it and not lose changes. I have two excel documents that fall in the middle of the master document. Any suggestions on how to make the
-
Determination of Rate of Exchange
Hi All, There is a requirement to determine the Exchange rate at the based on Billing date for the billing type ZF1. I can change the settings in copy control and make it as "C" for Pricing Exchange Rate Type. But what there are two exchange rate typ
-
Habe die CS 5.5 Master Collection gekauft und Probleme mit der Installation. Die Fehlerprotokolldatei sagt: Exit Code 6 - 0 fatal error(s), 10 error(s), 97 warning(s). Die komplette Fehlerprotokolldatei liegt vor, kann ich ja aber hier nicht reinstel
-
MainStage patches not loading Guitar Rig 4 patches
I'm trying to use Guitar Rig 4 as a channel strip plugin for live EG performance. Unfortunately Mainstage seems unable to properly recall assigned Guitar Rig patches and/or recall screen mapping for those patches. It seems like it only loads the firs