Restrictions on Transactional Data using Access Control Engine

Hi Experts,
We are looking and implemting ACE to restrict visibility on Accounts and Transactions in our business. We are using CRM2007
We have an account which is located in 2 Sales Areas, Sales Area 1 and Sales Area2.
As part of our requirement we require a user in Sales Area 1 to be able to see the account but only see Sales Area 1 transactions in the activity assignment block within the Account Details Component. (Sales Area 2 data should not be visible in any manner)
Can ACE provide me with such flexibility?
If so, what would be required to implement such a requirement?
Would ACE standard functionality provide a solution for this or would ABAP enhancements need to be made?
Thanks for your assistance,
Jonathan

Hi Robert,
Thanks for your response. However the authorisation objects will restrict accessing the details of the transaction, but it will not completely hide the transactions in the application.
The transactions will still appear on the Activity/Opportunity/Serivce Search etc. We require that they are not even visible in the search results.
Will ACE provide this functionality in particular relation to the scenario i outlined above?
Thanks,
Jonathan

Similar Messages

  • Problems using access control in sender agreement for SOAP adapter 7.1

    I am trying to use Access Control Lists to restrict user access to web services/interfaces which are exposed via PI. This can be configured via the Integration Builder Directory using the u201CAssigned Usersu201D tab of both Communication Components (Business System) and Sender Agreements.
    The configuration is via the above mentioned components. However, I understand that itu2019s the adapters which at runtime are responsible for actually applying these checks.
    I have been having problems getting the access control to work using a setup involving a SOAP adapter of type SAP BASIS 7.10.
    The symptom of the problem is that although the access control works as expected at the Business System level, any settings at the Sender Agreement level appear to have absolutely no effect whatsoever.
    I have confirmed that I have no problems if I use an adapter of type SAP BASIS 7.00. However, I really need to get this working on 7.1.
    I have looked on the SAP support portal but can not find any notes that relate to this.
    Has anyone else had a similar problem? And have you found a fix for it?
    Any suggestions would be welcome.
    Edited by: Malcolm Dingle on Jun 17, 2009 1:08 PM

    Hi Shai,
    Please have a look at the following link and see if it helps you .
    It deals with SOAP adapter installation and activation 
    Re: SOAP adapter installation and activation
    Best Regards
    Edited by: Prakash Bhatia on May 8, 2009 11:51 AM

  • Deleting master data after loading transactional data using flat file

    Dear All,
    I have loaded transaction data  into an infocube using a flat file . While loading DTP i have checked the  option "load  transactional data with out master data exists" . So transactional data is loaded even if no master data is there in BW.
    While loading the flat file, I made a mistake for DIVISION Characteristic  where original master data value is '04000' , but i loaded the transactional data with value '4000' .Then i later realized after seeing the data from the infocube and deleted the request. then i reloaded data with value '04000'. Till now every thing is fine.
    But when I see the master data for DIVISION , i can see a new entry  with value '4000'.
    My question is how to delete the entry value '4000' from DIVISION. I tried deleting manually this entry from 'maintaining masterdata' , but it is not allowing me to do so .
    I have also checked if any transactional data exists for that value '4000' , as i said earlier I have deleted the transactional data with that values. even tried to delete the entries from the master data table, but i donot see a option to delete entries there.
    Please suggest me on this.
    Regards,
    Veera

    Hi,
    Goto RSA1 right click on the Info object and select Delete Master data. This will delete the master data unused existing in the table.
    If this master data is not used any where else just delete the master data completely with SID option.
    If even this doesnt work you can delete the complete table entire in SE14. But this will wipe out the entire table. Be sure if you wanna do this.
    Hope this helps
    Akhan.

  • How to use "access control - administrator" in SQL

    I have a report with checkboxes to select records for delete. Non administrators can only delete a subset of the records. So for some of the records I would like to hide the checkbox if the user is not an administrator. The checkboxes are created in the select statement.
    I would like to know if there is a function that I can use in SQL that will tell me if the current user is administrator or not. I'm using the access control list.
    Edited by: Rene W. on Mar 10, 2011 3:46 AM

    Just found the apex_access_control table in my schema.
    Guess I'll just use that.

  • Loading transaction data using an attribute field in the BW cube

    I am trying to load transaction data into BPC.  All but one of my dimensions are referencing technical fields.  One of my fields is referencing an attribute of a technical field.  The technical field is called 0MAT_PLANT and the attribute of that field is 0PROFIT_CTR.  In my mapping section of my transaction file I set the PROFIT_CTR dimension to 0MAT_PLANT__0PROFIT_CTR.  The transaction file validates and processes fine but when I try to import I get the error message: 0MAT_PLANT__0PROFIT_CTR is not a valid command or column 0MAT_PLANT__0PROFIT_CTR does not exist in source
    Does anyone know how to complete this successfully?
    THANK YOU!
    Karen B. Thibodeau

    Hi,
    If is mapped fine and still getting same errors, maybe you can try to check if the IO attribute it's checked in the options in the data package.
    Regards

  • Upload Of Transaction Data Using E-CATT

    Dear All,
          I am trying to upload purchase order Data for transaction ME21 through E-catt. But I am not able to upload multiple line item data as the Test Script allows only one item data to be uploaded because I have uploaded only one item data in my recording. So I am not able to upload multiple line item data. Can anybody help me with the steps to upload multiple line item data for ME21 transaction through E-CATT.

    Hi,
    Did you solve this problem of uploading more than 1 line item? If you have solved, please share me your solution as Im also encountering the same problem. Thanks in advance for your help!

  • Extracting transaction data using flat files in nw2004s

    Hi BW Gurus,
    I am trying to load the Infocube from flat file.  flat file is in csv format with comma diliminator,  when i am loading the datasource with the flat file.  flat file is actually consist of 20 columns with column headings, 5 columns has no data it consist only headings.
    When I am loading data to the datasource, it is reading only 15 columns which is having values,  I tried to enter the values in the empty column and extracted to datasource still it is not uploading that values.
    Please help me.
    Thanking you,
    Ravi

    Hi
    Please check your transfer structure should match with your  flat file.
    Order of fields in your flat file should be in the same order as the transfer structure..
    Hope it helps you...
    Teja

  • Problem mit dem Access Control Engine (ACE)

    Hallo zusammen,
    ich habe eine ACE Regel ZTerritory mit folgenden SAP-Standard auswählbaren Komponenten erstellt:
    ACE-Regel:
    Object Typ: ACCOUNTCRM
    Aktor Type: ZTerritory (CRM-GEBIET)
    AFU class ID : Z_ICM_AFU_BP (IICM: AFU FÜR GESCHÄFTSPARTNER)
    AFO class ID: Z_ICM_AFO_BP_STAFFU (ICM GP: TEAM- & EINHEITEN-AFO)
    OBF class ID: Z_OBF_ACCOUNT_ALL (OBJEKTFILTER FÜR ALLE ACCOUNTS)
    ACE-Recht:
    Object Type: ACCOUNTCRM
    Regel ID: ZTerritory
    Benutzergruppen ID: ZGroup (für zwei IC_AGENTS) die User werden über die PFCG-Rolle gefunden.
    Action Group ID: ACT_GRP_CHANGE (lesen und bearbeiten)
    Ich habe bereits in der Transaktion PFCG den erforderlichen Berechtigugsprofil erzeugt und generiert. Hier habe ich auch die für notwendigen Berechtigungen für den Geschäftspartner (Rolle) aktiviert.
    Meine Testaccounts haben die Rolle: Organisation
    Ebenfalls habe ich auch wie in der Voraussetzung für ACE beschrieben, über die Transaktion SM36 einen Job ACE_Dispatcher angelegt.
    Nachdem ich die ACE-Rechte und Benutzergruppen aktiviert habe, konnte ich mit meinen IC Agents im WebUi keine Accounts mehr finden. Sobald ich die Benutzergruppe und das Recht deaktiviere kann ich die Accounts finden.
    Hat jemand schon mit der ACE gearbeitet und gibt es noch Einstellungen die ich vornehmen muss?
    *Die ACE soll hauptsächlich für die regionale Einschränkung der IC Agents dienen. Beispielweise darf der IC Agent von der Region Nord keine Geschäftspartner von Süden sehen, bearbeiten oder löschen.Die IC Agents sind bereits im Organisationsmodell zum zuständigen Bereich zugewiesen. *
    Ich danke euch im Voraus für eure Antworten und Tipps.

    Hi, erst mal vielen Dank für deine Antwort und dein Interesse.
    Unter System -> Status -> Komponentenversion steht SAP CRM ABAP 7.0.
    Wenn du eine andere Version benötigst dann brauche ich die Anleitung für die Informationsuche :).
    Viele Grüß

  • How to transfer the transactional dat a using ale

    hi to all abap gurus
    i heard that we can transfer the transactional data ( like so data , po data ) using message control technique by ale technology . . can u please give  all steps  in message control technique with one exapmle . i searched in the forum but i did not get answer . pls points will be rewrared for good answers.  if u want to give links pls give exact links .

    Hi ,
           here is the configuration.
    MESSAGE CONTROL (USING EDI / ALE)
    For Purchase order (Message control using EDI and message type ORDERS) – STEPS
    Settings to be done in the Sending system
    From NACE
    Choose Application – EF ( Purchase order), press on condition record
    Output type – NEU – Purchase order / double click ;choose  Purchasing output determination:Doc type/purc org/vendor . Key in the data (Purchasing doc type – NB, Purc organisation – 0001, Venor – vendor11) execute. Key in the data (vendor –vendor11, name – name1, partner function  - VN, Partner – Vendor11,Medium – 6 (EDI), time – 4(send immediately), language – EN).
    Press on output types , choose NEU –Purchase order, double click,  Access sequence 0001(doctype/purcorg/vendor) tick mark the access to condition, go to default values (dispatch time – send immediately, Transmission medium – EDI, Partner function –VN)
    Create RFC destination from SM59 (ZNARA_ALE_EDI).
    Create a port from ZNARA_ALE.
    Create partner profile vendor11 under LI and not LS. PARTNER NUMBER SHOULD BE  SAME AS THAT OF VENDOR SET IN THE CONDITION TYPE.
    In the outbond parameters of the partner profile Vendor11 key in the data (Reciever port -> ZNARA_ALE,
    Basic type –ORDERS05, Message type – ORDERS ) Go to the message control and key in the data (Application – EF, Message type – NEU, Process code –ME10, Transfer immediately )
    Create a purchase order from ME21 with data (Purchasing doc type – NB, Purc organisation – 0001, Venor – vendor11). System will generate an outbond Idoc automatically which can be seen from WE02.
    For Purchase order (Message control using ALE and Message type ORDERS) - STEPS
    To transfer the idoc from Client 555 to 500
    Settings do be done in 555.
    From NACE
    Choose Application – EF – Purchase order, press on condition record
    Output type – NEU – Purchase order / double click ;choose  Purchasing output determination:Doc type/purc org/vendor . Key in the data (Purchasing doc type – NB, Purc organisation – 0001, Venor – vendor11) execute. Key in the data (vendor –vendor11, name – name1, partner function  - VN, Partner – Vendor11,Medium – A (ALE), time – 4(send immediately), language – EN).
    Press on output types , choose NEU –Purchase order, double click,  Access sequence 0001(doctype/purcorg/vendor) tick mark the access to condition, go to default values (dispatch time – send immediately, Transmission medium – ALE, Partner function –VN)
    From SALE create two logical systems and assign them to the respective clients (ZALERECV_N – 500, ZALESEND_N – 555).
    From SM59 create RFC destination with the same name as that of the receiving logical system  (ZALERECV_N).
    From BD 64(distribution model),  create a model view with Technical name ZNARA_PO (message type – ORDERS, Sender – ZALESEND_N, Receiver – ZALERECV_N). Generate partner profiles. Distribute.
    Note that partner profile will be generated under LS.
    Settings do be done in 500.
    From NACE create two logical systems and assign them to the respective clients (ZALERECV_N – 500, ZALESEND_N – 555).
    From BD 64(distribution model), keep the cursor on Technical name ZNARA_PO. Generate partner profiles. Note that partner profile will be generated under LS. Change the process code to ORDE in the inbond parameters .
    Now in client 555, Create a purchase order from ME21 with data (Purchasing doc type – NB, Purc organisation – 0001, Venor – vendor11). System will generate an outbond Idoc automatically which can be seen from WE02. The purchase order details will be updated in 555 thru the inbond idoc.
    IMP data for message control in  Sales order creation.
    Partner profile to be created under KU.
    Outbond parameters in the partner profile (Message type – ORDRSP, Basic type – ORDERS02, partner profile - SP) In Message control (Application – V1, Message type – BA00, Process code – SD10)
    Notes:
    Check the entries in the NAST table to see whether outbond idoc has been created successfully or not
    If you have choosen collect idocs in the partner profile, use trans code BD87 to process them
    Table EDP13 - Partner Profile: Outbound (technical parameters)
    Table EDP21 - Partner Profile: Inbond (technical parameters)
    Please reward if useful.

  • Using Roles with Access Control Pages

    Hi,
    I was curious if someone might be able to shed some light for me on an issue. I have a matrix of users
    who can read or write on different pages. So there are various roles created
    Admin can write all pages
    Reader can read all pages
    Medium Users can read some pages and write some pages
    Power User can Write most pages and read some pages
    I am thinking of using access control pages but I dont want to have to enter every single user for each page.
    I am wondering if I can create some sort of Roles that I can apply to access control lists. And set the role
    at login time and based on that decide what data they can edit or just view?
    Thanks in advance!

    Hi,
    Have you check or try use Authorization Schemes ?
    http://download.oracle.com/docs/cd/E14373_01/appdev.32/e11838/sec.htm#sthref1943
    Br, Jari

  • How can I use table control to enter data

    Hi all,
    I want to use table control to enter data, instead of using textboxes.
    So that the user can enter many data at once and just click the save button at the end of the work, only one click.
    How can I use the table control at this context?
    Thanks.
    Deniz.

    Hi deniz,
    go through it:
    /people/ravishankar.rajan/blog/2007/02/23/an-easier-way-of-displaying-and-editing-data-using-table-control
    https://www.sdn.sap.com/irj/sdn/wiki?path=/display/snippets/code%2bto%2bhandle%2bmultiple%2brecords%2bin%2bbdc%2btable%2bcontrol
    Regards,

  • Can we use LSMW to load Transaction data

    Hi.
    Can we use LSMW to load transactional data.Or it is used only for Master Data.
    With Best Regards
    Mamatha

    Hi,
    you can do upload of transactional data using,
    Standard Programs,
    Batch Input Recording,
    BAPI method,
    IDoc,
    best regards,
    Thangesh

  • Creating SOD matrix with the help of Access control default ruleset

    I am creating the SOD matrix for the existing roles of CRM and HR modules.  As I am the security consultant therefore does not have the functional knowledge about the conflicts for CRM and HR transactions. My question is can I use the function/actions/risks conflicts provided with the Access control 5.3 default ruleset.  We are not using Access control for these systems, so I want to know whether I can take the help of AC 5.3 default risks to create the SOD matrix based on it.
    For e.g, like H001 default HR risk, I would make sure not to assign PA30(maintain HR data) with the PA03/PA04(maintain personal control record) as this will result in the providing conflict "Modify payroll master data and then process payroll". 
    Once I have the SOD list based upon AC 5.3, I can consult the Business approver/auditor to verify and modify as per the business requirement.
    Maybe I am thinking the wrong way, please provide your inputs so I can work on it.  Any help appreciated.
    Thanks,
    Sanjay Desai

    The most important thing to keep in mind is that you need to build a rule set that reflects the customers real business risk!
    What you build there will influence the way the customer will be able to continue work, assign access and perform control activities. The input HAS to come from the business!
    You can use the SAP standard risk definitions as a starting point for discussions, and the HR functions are an excellent building block to identify the transactions and necessary authorization objects that allow users to perform the actions.
    But the real challenge is to identify the risks as perceived/accepted by the business!
    Frank.

  • Transaction Data Migration

    Is there a "best practice" for transaction data conversions from a legacy system into R/3? I am in a project where I have to create a strategy for SCM transaction data (PO's, Inventory, Vendor Invoices, and so on). I would like to know the pros and cons of migrating a PO in their various stages (Open, G/R but not yet invoiced, Partial G/R). Basically a strategy to propose to my client regarding their SCM transaction data.
    Thanks for your help!!!!

    hi,
    For uploading the GLs :-->
    Use FB50  entry Dr GL a/c  Credit Data migration a/c or controlling a/c
    For uploading the Vendor balances : -->
    Use FB60 entry Dr Data migration a/c or controlling a/c and credit Vendor a/c (individually)
    For uploading the Customers balances :-->
    Use FB70  entry Dr Customers a/c (individually)  Cr  Data migration a/c or controlling a/c
    For uploading the Assets-->
    AS91 -> for uploading assets in AA
    OSAV --> for uploading assets in GL   entry Dr Asset (invidiually) Cr Data Migration account or controlling account
    You can use LSMW for uploading all these things
    After uploading all, your data migration account will become zero.
    For posting the transactional data use LSMW for relevant TCODES
    Radha

  • An access control proxy in front of my JSP pages

    Hi All,
    I want to protect the access to my jsp pages. If for example the user types in his browser www.abc.com/page1.jsp, I want to capture that request and pass it to an access control engine. If the user is authorized then he should get that page if not he should be directed to another page.
    any answers will be appreciated ... I'm using tomcat 5.5.

    For example the user types in his browser www.abc.com/page1.jsp, I want to capture that request and pass it to an access control engine. If the user is authorized then he should get that page if not he should be directed to another page.
    Focus a bit on your design: Ask yourself how will the whole world accessing the page can be identified?
    It is via machine to machine authentication and handshake or user authentication and authorisation?
    Machine to machine will happen on a VPN infrastracture where specified connections are directed to a host port else the other, or user authentication and authorisation where user login to determine which bit of yourr page he has access to, then using MVC framework you can say hang-on! base on your credential you're authorised to use this page instead.
    Note if no one is identifying him/herself on your system before having access to the required resource then your design aim sounds excuse me to say abit difficult to achieve. Again from the look at things you're trying to achieve this using acccess router, please if that is the case then think otherwise because it is not possible,
    Edited by: bidox on Mar 29, 2008 9:25 AM

Maybe you are looking for

  • Error in run oracle form

    hi all:- i have an error when i run a simple form this return an error in oc4j configuration when i run the form , it open the explorer(firefox) for one second and close and return the following error in oc4j:- 09/09/13 11:37:04 FormsServlet init():

  • How to connect Nintendo Wii to WRT54G (Wireless Router)

    Does anyone know how to find the "password or key" for my secure wireless router?  The Wii game is asking for "password or key" to access my wireless network and I do not know what it is. Thanks, TWolfe

  • Save Not Applicable(NA) as response to hundreds of required numeric fields

    We have to save Not-Applicable as a possible response to hundreds of required fields on a data entry form for numeric/statistical values on fund performance. The intent is to query/perform data analysis on fund performance trends after the initial da

  • Need Help on tcUserOpsIntf API

    Hello Friends.. Hello Friends I am new to OIM and I need help on tcUserOpsIntf API. What is this API and specially for what purpose it is used, If i want to know more about it then where I will get help on this API. Please know me. Thanks and Regards

  • Tips on Implementing Row Level Security

    Dear All,I am currently trying to implement row level security in Hyperion Intelligent version 8.2. The user guide is straight forward on explaining the steps. However, when I tried it, the row level security does not filter the information at all ev