Question:
Hi All,
In CRM system, tcode BP is used to see the people's data. Here we need to restrict certain users to be able to see the data based on a particular Org.unit and below. Like how we do restrict in the regular SAP system using Struct.Auth, is there a way to do this in CRM?
Thanks in advance.
Answer:
I cannot see how you can obtain this functionality with structural authorizations. You do not really use the HR modules as I see it.
Sorry I am not that familiar with CRM, but do you record the org.unit on the BP's? If so, I would think that using field groups would be the best solution, but it of course need creation of a new role.
Only a spin of thought.
Answer:
Hi Blaster,
Thanks for your input. I understand what you're telling here. Yes, we can control the field groups thru the new role. But what i wanted here is there're support users who'll be logging in CRM system and access BP tcode. I want them to be able to see only certain people on that tcode. Those people falls under the same Org.unit or below to that. We're having the Org.unit assigned to everyone in that system.
Thru the role, we can let a user either to be able to see all the people or not to see any people. But this is not i wanted. I want to control the access by Org.unit thru some kind. Not sure if this is possible since i'm also not familiar with this system.
Thanks.
Answer:
What about using Authorization types then?
According to SAP this can be used to fx restric people countrywise, so perhaps you can make it work for you too, if the master data allows it.
Answer:
Hi Blaster,
Thanks for your input. I understand what you're telling here. Yes, we can control the field groups thru the new role. But what i wanted here is there're support users who'll be logging in CRM system and access BP tcode. I want them to be able to see only certain people on that tcode. Those people falls under the same Org.unit or below to that. We're having the Org.unit assigned to everyone in that system.
Thru the role, we can let a user either to be able to see all the people or not to see any people. But this is not i wanted. I want to control the access by Org.unit thru some kind. Not sure if this is possible since i'm also not familiar with this system.
Thanks.
Hi there,
I don't think it's working. I tried testing this awhile back, and though the test user was assigned to a particular Org. Unit (through PPOMA_CRM), if the CRM_ORD_OE object has * in the "sales org", etc -- it will still allow them to access all BPs. I believe in my company we actually add a code where it forced the checks to who can access BPs from specific regions. I have to validate that w/ our developers first though.
Answer:
Try the business add in - CRM_ORDER_AUTH_CHECK (SE18).
_________________
JC
Answer:
Guys....SAP CRM does provide structural authorisations based on Sales area or organisational unit related checks:
This is the case for both Business Partners as well as for Business transactions...
This concept is based on Organizational model setup (PPOMA_CRM)
and specific authorisation objects you need to maintain.
I have done several setups for SAP CRM already..with such cases..
kind regards
_________________
Davy Pelssers
Independant SAP Consultant CRM/BW/Authorisations
pelssersdavy@hotmail.com