cancel
Showing results for 
Search instead for 
Did you mean: 

user status depending on partner function (Solman 7.1)

Former Member
0 Kudos

Dear all

I am working on SAP Solution Manager 7.1

I´m trying to get, if its possible, an authorization object or similar behaviour to enable/disable  user status of a transaction (SMIN, SMRQ) depending on the partner function logged. Its like authorization object CRM_ORD_OP for business transactions but in this case to select user status

For example, if i am creating a transaction SMIN, i would like to enable status “Forwarded”, but if i am the Message Processor i could set user status to “Customer Action” and “Proposed Solution”, but not to “Forwarded”.

The problem comes when the same user can create and process a business transaction. If its logged as reporter/requester he could see status “Forwarded” and if he is logged as Mesage Processor he could see “Customer Action” and “Proposed Solution”, but as he has assigned all PFCG roles, he can see all user status defined for all roles that have been assigned regardless of the partner function of the user logged.

Thanks in advance.

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
0 Kudos

Hi,

you check the authoisation object B_USERSTAT , whether you have any restriction for authorization key in the processor profile?

for example refer here UC00043 - SAP Solution Manager - Security and Authorizations - SCN Wikiin this example shows how to control the access of particular status.

Another use case UC00039 - SAP Solution Manager - Security and Authorizations - SCN Wiki this also similar to your case, check the auth key field too.

please check.

Thanks

Jansi

Former Member
0 Kudos

Hi Jansi,

First of all, thanks for your answer.

What I want to get is to discrimine authorizations of roles assigned in SU01 by the PFCG Role assigned in the Business Role. With the role Y_REQUESTER I have defined authorization by  object B_USERSTAT to set user status “Forwarded” and for  Y_PROCESSOR,  in another B_USERSTAT object i have defined authorization to set status “Customer Action” and “Proposed Solution”.

When an user access with Business Role ZBR_REQUESTER, it is possible to determine the view that will be shown in Web UI Client with the Role Config Key defined in the Business Role. It is set up by the Business Role indicated in the infotype of the position where the user has been assigned.

It doesn´t work for authorizations because the user can set not only “Forwarded” status, but also “Customer action” and “Proposed Solution”. In the same way, when a processor loggin, he will access with business Role ZBR_PROCESSOR, but all user status will be available too.

What i am trying to get is, for example, when the processor access with Business Role ZBR_PROCESSOR, the authorizations for Y_REQUESTER  are not added to the authorizations of Y_PROCESSOR although both roles are assigned in transaction SU01 for the user. I want that the user only have authorization according to the role defined in the field PFCG Role for the Business Role definition.

Therefore, the processor couldn´t set status “Forwarded”, although he has the authorization role Y_REQUESTER assigned in transaction SU01, because the only active role is the one indicated in the definition of the Business Role once he has Access to the system.

Is there any way to accomplish it?

Thanks

User: Requester

Roles:   Y_REQUESTER, Y_PROCESSOR

Position: Solicitant

BR        ZBR_REQUESTER (Y_REQUESTER)

Status Forwarded (Y_REQUESTER)

User: Processor

Roles:   Y_REQUESTER, Y_PROCESSOR

Position: Processor

BR        ZBR_PROCESSOR  (Y_PROCESSOR)

Status: Customer Action and Proposed Solution (Y_PROCESSOR)