cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP CRM Security Implementaion Strategy

Go to solution
Trinetra_Bhusha
Active Participant

on ‎03-10-2015 10:10 PM

0 Kudos

Hello All,


I need some guidance on SAP CRM security strategy which I am using for a implementation project.


I have role matrix created which is mapping of Positions exist in business and Activity(Violation processing,Correspondance,Case Management) each activity is further classified into sub activity and these are mapped with position (Call center/Inventory manager/Supervisor etc)as Read/Write access.

My Strategy is based on Matrix CRM team will create business role for each position say Inventory manger role will have write for case management read for Violation etc.


After the CRM team will create business role I will convert them into PFCG role using standard report and restrict the activity as read or write on PFCG role.

End state will combination of business role and PFCG role will provide the required access.

Please let me know if this strategy looks fine to you??

Also as if now I have given access to project team through CRM_UI_PROFILE” parameter with ‘’*’’ after creating and role assignment I guess removing this parameter will not have any effect and users will have access as per the roles?

Appreciate your quick response on this.


Thanks,

Trinetra

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎03-11-2015 12:37 AM
0 Kudos

Hi Trinetra,

Your strategy looks fine for designing security roles in CRM.

Additionally, after setting up the initial PFCG roles, I think it would be better to have ST01 trace for checking the authorizations which may be required for some of the roles if missing because standard PFCG generation report will only provide the UI level authorizations.

Also, in PFCG roles, if same positions are having different authorizations like display and change then that needs to be handled with additional roles assignment on users.

It can be done in reverse way as well, but that requires much efforts.

Users can have basic roles to login into CRM Web ui with assigned business role.

Then user can perform the required activities and you can have the trace on to check missing authorizations which you can provide as user progresses on activities.

Hope this will be helpful.

Regards,

Naresh

Show replies
Show replies
Trinetra_Bhusha
Active Participant
‎03-11-2015 1:31 AM
0 Kudos

Hi Naresh,

Thanks for the input.

As per your commnet:

"Also, in PFCG roles, if same positions are having different authorizations like display and change then that needs to be handled with additional roles assignment on users."


I assume what you are saying is if One position (say Inventory Manager)have different access level(Display/Change) for a fuctionality(say Violation processing screen in CRM) which will be the case  in this project I have to create 2 PFCG role for each fuctionality ne for dispaly and one for change?


I have around 10 CRM activity and 50 sub activity plus around 20 position and each position have Write/Read access for diffrent activity is there any other way to control this scenario as it will be large numbers of roles.


Thanks,

Trinetra

Answers (0)

Ask a Question