SOD User Violation report by Business Role

Similar Messages

• Users assigned to CRM Business Roles

  Is there a report that can show what users are assigned to what Web UI business roles. We have business roles assigned to positions and not PFCG roles. If not, what table to show business roles assigned to positions numbers so I can atleast query names on positions that have specific business roles.
  Thank You,
  Alex

  Hi Alex,
  Normally the AGR_USERs table through SE16 can give you this output
  in AGR_USERS table go and set the ORG_FLAG and COL_FLAG to get the output, you could also do this just for roles
  AGR tables.
  also if you have a proper naming convention please search by   "UIU" string most of the WEBUI roles supplied by SAP has this key word "UIU"
  Also you can go through SPRO ("UI Framework")  to see the default business roles assigned to the "UIU" roles supplied by SAP.

• Report alle Business Roles assigned to Position

  Hello,
  I'm looking for a report wich brings a coomplete Objectdescription of an incorporate position in a organizational Model. Very important is the information which business role (we use CRM 2007) is assigned to the position.
  I checked already report rhstru00 but I don't know which structure parameters I have to take to get out the required information.
  There must be a way to get this information.
  Thanks a lot in advance!
  Best Regards
  Stephan Jung

  Step1
  U should know the Personnel number of the person u want to assign role.
  Step2
  PA20 to do Org assignment
  Info type = get the position number
  Step3
  Go to PO13 for Position number
  You assign the position number to Role (basically you create a relationship b/w Position number and Role here)
  Define relationship “B   007” Relationship type (Always select this Relationship type)
  Step4
  Go to SU01; create a user ID for THAT Personnel number ( If the user don't have one)
  Step5
  Go to PA30 you define relationship between Personnel # and User ID
  Create Info Type 105, Subtype 0001
  In ID/Number = User ID and save
  For personnel number
  Step6
  Run PFUD
  To update user master record i.e. to enter the role that is assigned to that position in org level. Put the Role name and select Reconcile User Master Data and execute.
  Or
  In SE38 Run report   “RHPROF0”

• Link to Business Role and User Account

  How to link an user account with a business role so that the user account can work with the new UI?

  Hi,
  Go to transaction PPOMA_CRM. Search for your business role say SALESPRO in the Position Search.Double click on the role so that its details are visible on the right hand side.Then search for your user from the user search.When it comes in the left side bottom, drag and drop it to the position on the right side.
  Regards,
  Rohit

• Getting error in IC agent business role while loading components.

  The user has been allowed and access to all business role.user are using all business roles but when user click on the IC agent business role the following error arise.
  Cannot display view CRMCMP_BPIDENT/BuPaMultipleLayoutVS of UI Component CRMCMP_BPIDENT
  An exception has occurredException Class CX_CRM_GENIL_GENERAL_ERROR - Component set CRMIC_DEFAULT cannot be loaded with BP_APPL+EMPTY+IC_ACCT_ID since multiple object definitions exist for component SO2
  Method: CL_CRM_GENIL_INTERNAL_MODEL=>LOAD_COMPONENT_SET
  Source Text Row: 124
  Initialization of view CRMCMP_BPIDENT/BuPaMultipleLayoutVS of UI Component CRMCMP_BPIDENT failed
  An exception has occurredException Class CX_BSP_WD_RUNTIME_ERROR - View BPConfirmedPartners.MainWindow in component CRMCMP_BPIDENT could not be bound
  Method: CL_BSP_WD_VIEW_CONTROLLER=>BIND_VIEW
  Source Text Row: 165
  Cannot display view CRMCMP_BPIDENT/BuPaMainVS of UI Component CRMCMP_BPIDENT
  An exception has occurredException Class CX_BSP_WD_RUNTIME_ERROR - View BPConfirmedPartners.MainWindow in component CRMCMP_BPIDENT could not be bound
  Method: CL_BSP_WD_VIEW_CONTROLLER=>BIND_VIEW
  Source Text Row: 165
  Initialization of view CRMCMP_BPIDENT/BuPaMainVS of UI Component CRMCMP_BPIDENT failed
  An exception has occurredException Class CX_BSP_WD_RUNTIME_ERROR - View CRMCMP_BPIDENT/BuPaMultipleLayoutVS in component CRMCMP_BPIDENT could not be bound
  Method: CL_BSP_WD_VIEW_CONTROLLER=>BIND_VIEW
  Source Text Row: 165
  Cannot display view MainWindow of UI Component CRMCMP_BPIDENT
  An exception has occurredException Class CX_BSP_WD_RUNTIME_ERROR - View CRMCMP_BPIDENT/BuPaMultipleLayoutVS in component CRMCMP_BPIDENT could not be bound
  Method: CL_BSP_WD_VIEW_CONTROLLER=>BIND_VIEW
  Source Text Row: 165
  Initialization of view MainWindow of UI Component CRMCMP_BPIDENT failed
  An exception has occurredException Class CX_BSP_WD_RUNTIME_ERROR - View CRMCMP_BPIDENT/BuPaMainVS in component CRMCMP_BPIDENT could not be bound
  Method: CL_BSP_WD_VIEW_CONTROLLER=>BIND_VIEW
  Source Text Row: 165
  Cannot display view CRM_UI_FRAME/WorkAreaViewSet of UI Component CRM_UI_FRAME
  An exception has occurredException Class CX_BSP_WD_RUNTIME_ERROR - View BPIDENT.MainWindow in component CRM_UI_FRAME could not be bound
  Method: CL_BSP_WD_VIEW_CONTROLLER=>BIND_VIEW
  Source Text Row: 165
  Initialization of view CRM_UI_FRAME/WorkAreaViewSet of UI Component CRM_UI_FRAME failed
  An exception has occurredException Class CX_BSP_WD_RUNTIME_ERROR - View BSPWD_BASICS/WorkAreaHostViewSet in component CRM_UI_FRAME could not be bound
  Method: CL_BSP_WD_VIEW_CONTROLLER=>BIND_VIEW
  Source Text Row: 165
  Cannot display view CRM_UI_FRAME/MainWindow of UI Component CRM_UI_FRAME
  An exception has occurredException Class CX_BSP_WD_RUNTIME_ERROR - View BSPWD_BASICS/WorkAreaHostViewSet in component CRM_UI_FRAME could not be bound
  Method: CL_BSP_WD_VIEW_CONTROLLER=>BIND_VIEW
  Source Text Row: 165
  Initialization of view CRM_UI_FRAME/MainWindow of UI Component CRM_UI_FRAME failed
  An exception has occurredException Class CX_BSP_WD_RUNTIME_ERROR - View CRM_UI_FRAME/WorkAreaViewSet in component CRM_UI_FRAME could not be bound
  Method: CL_BSP_WD_VIEW_CONTROLLER=>BIND_VIEW
  Source Text Row: 165
  Cannot display view Root.htm of UI Component CRM_UI_FRAME
  An exception has occurredException Class CX_BSP_WD_RUNTIME_ERROR - View CRM_UI_FRAME/WorkAreaViewSet in component CRM_UI_FRAME could not be bound
  Method: CL_BSP_WD_VIEW_CONTROLLER=>BIND_VIEW
  Source Text Row: 165
  An error occurred during initialization of the application
  An exception has occurredException Class CX_BSP_WD_RUNTIME_ERROR - View CRM_UI_FRAME/MainWindow in component CRM_UI_FRAME could not be bound
  Method: CL_BSP_WD_VIEW_CONTROLLER=>BIND_VIEW
  Source Text Row: 165
  I could not able to diagnose the error from where it is coming and I goggled lot but did not find anything about the above cited issue .
  if any of you can help me to solve this soon it will be highly appreciated .

  Hi,
  I am not sure if this appies here. You might check
  SPRO->CRM->crm cross-application components->
    Generic interaction Layer/Object Layer ->
       component-specific settings->
         define simple objects
  For these objects 2 rules apply:
  1. 'search object name' can only be used once.
  2. 'search object name' should not have the same name as any 'object
  name'.
  Do you have any entries, which break these rules?
  If it is related to component enhancement, note 1122248 might help.
  Best Regards,
  Sigrid

• Business role in IC

  Hi experts,
  I have a confusion on understanding Business Roles in interation center.
  scenario:
  call center set up is there with 100 CSR's, where everyones role is same.
  here my confusion is Do we have to create different business role for each CSR or, only one role we can assign to Org for all the users.
  if am assigining one role to all users how it is going to differentiate with each other.
  Ex: one CSR created Search criteria differently and other created differently, like if 100 creating, will all 100 search options will be available to all ? if yes searching this search criteria itself is a problem ?
  how about the recent items.
  If we are using only one business role, how we are going to differentiate b/n the users.
  How the Business role concept used in IC ?
  Regards

  Hi,
  Thanks for your reply.
  Here is the scenario am explaining again:
  call center set up is there with 100 CSR's, where everyones role is same.
  1. here my confusion is Do we have to create different business role for each CSR or, only one role we can assign to all users(as i know we can assign from Org)
  2. if am assigining one role to all users how it is going to differentiate with each other users.
  Ex: one CSR created Search criteria differently and other created differently, like if 100 creating, will all 100 search options will be available to all ? if yes searching this search criteria itself is a problem ?
  3. how about the recent items.
  4. If we are using only one business role, how we are going to differentiate b/n the users.
  How is the Business role concept used in IC ?
  My confusion is with Business roles, how this is differentiated b/n the users if it is only one role.
  Thanks in advance.

• Multiple business roles and org data determination

  Hello together,
  we are having an issue with the organizational data determination. Some users have multiple business roles in different sales organizsations. This means, they are assigned to several units in our org modell.
  This users can select the business role after the login screen. But this selection doesn't affect the org data determination (rule: ORGMAN_12).
  For example. My user is assigned to 4 different org units. After the login i select a role. In debugging i can see this role, but the system selects only the first role and not the role i've selected after the login.
  Is there any other rule which follows the select business role? Or can i assign one user only to one unit?
  Best regards
  Sascha

  Thanks for your reply!
  The problem is, that i need exactly the org unit according to the selected business role at the beginning. Because we have in one company different distribution channel (e.g. 10, 20, 30). And depending on this the user can create an business partner in 10, 20 or 30. So, in our case we have some users assigned to 10 AND 20 AND 30. For each channel we have one role.
  Our org modell looks like this:
  company XYZ
  --channel 10 ( role 'salespro10')
  mustermann-m
  --channel 20 ( role 'salespro20')
  mustermann-m
  --channel 30 ( role 'salespro30')
  mustermann-m
  If the user mustermann-m select salespro10 he should be able to create a business partner in channel 10. And if the user select the salespro20 he should be able to create the bp in channel20.
  But if you use the RH_STRUC_GET i get ALL assigment.
  Best regards,
  Sascha

• Role Based Access through business roles? Switch b/w business roles?

  Hey Guruz:
  We have a situation where we want to really chop down on what the user should see in UI.
  What this basically means is that we want to define job based business roles. In essence a user should only see what he is allowed to execute as part of his job function.
  One solution would have been to create 1 business role and control everything through the pfcg role. But, this will be a very unfriendly approach, as the user would never really know what is part of job profile and what not till he clicks on it to find out that it doesnt work and is not authorized for it.
  To avoid the above situation, we want to give managers and users the liberty to pick out their own combination of business roles which suits a users job profile. I know this would mean we might have to create quite a few business roles, but atleast it avoids reduntant access.
  Any thoughts are welcome.
  Questions:
  If a user is assigned multiple business roles how to switch without really logging off?
  Can we have tabs or something on the header or nav bar which allows a user to switch b/w business roles?
  Can the net affect of multiple business roles be combined when assigned to a user ?
  Thanks
  KT

  Hi KT
  The whole concept around assigning a Business Roles is to provide a specific set of functions to a specific user or user group.
  There should not be any reason for a User to log off from one role and then log in with another.
  If for example you want a user to have some Sales Professional access as well as some Service Professional access then you would copy Sales Professional Role to you own custom role, remove the Sales Professional attributes that you do not want, then add in the required Service Professional attirbutes required.
  The WEB UI views can then be configured for that particular Custom role you have created.
  Hope this helps
  Arden

• Issue regarding Business Role assignment

  Hi All,
  1.
  I have a user Agent1 which is assigned to position POS_IC_AGENT in my org structure.
  In the infotype Business Role I have assigned IC_AGENT (standard) business role.
  IC_AGENT has PFCG role SAP_CRM_UIU_IC_AGENT assigned to it.
  But, when I run the application (for my user Agent1), only telephony buttons are visible on top, navigation bar and work area is empty (nothing is visible there)
  2.
  Now, when I open my user Agent1 in SU01 and assign PFCG role SAP_CRM_UIU_IC_AGENT.
  Now when I run the application everything is visible (telephony, navigation bar and workarea).
  Why is it not visible in first case?
  I think it should work without assigning Role in SU01.. I mean it should have taken settings from Org. structure
  Regards,
  Ashish

  Hi Ashish,
  As far as work center page context is concerned , its decided by the navigation bar profile and business role customizations ( we add work center home and several related stuff etc in navigation bar profile and make them activate/deactivate, visible/invisible through business role customizing ) .
  PFCG role has nothing to do with what you see on the Work Center...it decides whether you can see or not..meaning whether you have authorization for disply of a business object and its related subobjects.
  PFCG role basically determines the authorization objects that will be grated to the particular business role ( to which this PFCG role is linked ) PFCG is about CREATE/CHANGE/DELETE authorizations.
  In first case, its business role linked authorizations. You dont see the work centers may be because USER has not granted the DISPLAY authorization for the business Object related to BP( i.e Account ) , or BO related to account search (BUPASEARCH ) as the IC agent home basically has Account identification home , or account search home...which overrides the PFCG authorizations attached to the business role.
  Remember, individual object authorizations set for a user using transaction PFCG will have more priority over the Business role linked authorizations as 1 business role can be assigned to many users however if one user is not grated to see BP related data, this will still remain enforced even though the business Role PFCG is granting him to see...There is a difference between user specific authorizations and Business Role specific authorization...
  In second case,its user linked Authorizations. When you add the PFCG role in SU01, this is being the User Specific Authorizations which will always have the priority and thus granting the display.
  This is my basic understanding. I am 100% sure that PFCG role only controls the DISPLAY/CREATE/CHANGE related authorizations and lots more in context of authorizations. However what to include & show is decided by Navigation Profile and Business Role customizations.
  If everything is intact in navigation bar profile and business role customizations, and still you dont see anything on the work center, then i am 100% sure that its related to User Authorizations
  Refer pg 56 in CR580, it will clear your doubt.
  Thanks & regards,
  Suchita

• GRC 10 BRM - Approve Single Role assignment in Business Roles

  Hello,
  I want to set up a workflow where any Single Role assigned to a Business Role requires an approval of the Single Role Owner.
  The thing is that my customer doesn't have a Security Administrator, so what they want is that each Single Role Owner could be aware when their roles are assigned to a Business Role, especially when the Business Role Owner is another person.
  Once the Business Role is created, the provisioning would be in charge of Business Role Owners.
  Do you know any way to configure this?
  Thanks,
  Fernando

  Hi Claudio - thanks for breaking it down
  @ Fernando - for the Role Approval Methodology you need to split your approval out to be based on request type. Claudio has shown this up above already. In continuing his example, where the business role goes to path C - you would then have Path C do a line by line approval based on the single role owners
  By using this role approval methodology your single role approvers are indirectly allowing  any user who are approved the business role via an access request and that request is approved by business role owner (which is role owner).
  As mentioned - you are using two different workflow process ids
  Role Build - using BRM to approve the single roles being part of the business role
  Access Assignment - approving the user to receive the business role which includes the single roles
  Regards
  Colleen

• User/Profile Risk Violation Report table is empty

  Dear community,
  I am struggeling to find the solution for a quite simple problem: the user and profile risk violation report tables show no results (are empty). And this, although the associated tables (in the backend) contain entries for the same selection criteria (eg. GRACPROFILEACTVL etc.). What could be the reason for that? I started again the batch risk analysis very carefully (manually) on User and Profile Level, for the correct rule set and the correct system, it completed successfully, but I still can't see any results (not even a message like "No violations" or something). As an example, I took the profile SAP_ALL for a target system, which should obviously return a lot of risks/violations.
  I have also checked that this is not an authorization issue. To be more precise, actually, this functionality is working fine on the development and UAT GRC system, but not in production.
  Any help is highly appreciated. Thanks in advance.

  Hi Erik,
  The problem you are facing with only due to the SoD rule sets, which are in active as you might not have generated in Production system
  Generate the SoD rule sets, run the jobs and then run the risks reports, you will get the results as expected.
  Regards,
  Ameet

• SPM "SoD Violation Report"

  Hi all,
  We are trying to find details documentation for user SPM report "SoD Violation Report" but there is any in 5.3 configuration and user guide.
  What is the purpose of such report? Which is the expected result? Are they the SoD conflicts within FF authorizations? OR SoD conflicts of transactions executed by FF?
  Many thanks in advance. Best regards,
    Imanol

  Yes, Imanol. it will show the  SoD conflicts of transactions executed by FF
  The Segregation of Duties (SoD) Conflicts Report captures the data from the selected system for
  each designated firefighter ID. The data is grouped by firefighter and by violated risk. The report
  lists the SoD Conflicts that arise for each login event.
  The report displays the following information for each firefighter ID:
  · Name of the firefighter using the firefighter ID.
  · The Risk ID associated with the conflict.
  · The name of the transaction.
  · The date that the conflict occurred.

• Interactive reports do not execute with Z business role

  Hi all,
  We have created interactive reports which are working fine and displaying results with a standard business role. However, the report does not even execute when we use a custom business role - no blank screen no error, but the report does not execute at all.
  What could be missing ? Need your inputs please.
  Regards.

  Compare the profile value for the function profile id REPORTING_PROF in Z business role with your std business role. To check this go to define business roles> select your ZBusiness role>double click on Assign function profiles.
  Hope this helps!
  Regards,
  Kumar

• So Can I determine the business partners linked to user based on the assigned role and org. structure?

  Hello, I am working on a SAP CRM 7 Sales implementation and we are implementing leads and opportunity scenarios. The current business organization model is that there multiple vertical and horizontal departments. This is typical matrix structure. This organization has done the segregation of its clients based on the verticals so every clients belongs to at least one or more Vertical department but Horizontal departments can contact all the clients. In the same way sales executives are also either belonging to one or more Verticals or Horizontal departments? Horizontal sales executive can create leads for any clients available in the system but a Vertical sales executive can only create lead only for the client belongs to his vertical and assigned to him. This can be achieved by creating organization structure and business partner relationship.
  Now the problem statement is that few sales executives need work for both some Verticals and Horizontals at the same time. But requirement is that they should be able to do the both roles with single user id but multiple roles. So when sales executive is creating leads his vertical department, he should only be able to select clients assigned to his Vertical only but when he is creating lead for Horizontal department, he should be able to select any clients.
  So Can I determine the business partners linked to user based on the assigned role and org. structure?
  Please let me know if this is not clear also  note we are only using CRM WebUI no SAP ePortal.
  Thanks a lot your help in advance.
  Regards
  Sudesh Sharma

  Thanks, Tahir
  my problem has solved
  Kind Regards,
  Faisal

• Reporting tools for the Business user - Crystal reports or BEx tools ?

  Hi,
  We have recently implemented BI/BO infrastructure. Scope of the inital implementation was an executive dashboard based off COPA data. We have used Xelcisus for dashboard and BEx tools for query design etc.
  We would like to set up some of our key business users (analysts in respective functions) to be able to write their own queries off this COPA cube. The discussion point is whether to roll out Crystal reports for business users or have them trained on BEx tools i.e BEx query designer/analyzer.
  Any inputs to my question "Crystal Reports or BEx tools for the Business users - pros and cons", is appreciated.
  Thanks,
  Girish

  Our user currently do not have anything.  It's fresh implementation. We would like to get the business users involved. The question is - what's the best start for a business user - Crystal Reports or Bex ?