cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

CRM Actions during Business Transaction Processing

Former Member

on ‎03-12-2009 4:46 PM

0 Kudos

Dear Experts,

in CRM we are using actions in business transaction processing.

For a specific transaction type (e.g. TA) we have defined an Action Profile with for example 5 action Definitions.

In the CRM SAPGUI, when you next create a sales order of type TA, you have an action button, by which you can trigger/execute these actions.

In my case, at this moment every user who has authorisation to either create or change the sales order can see ALL 5 actions and also trigger them. The action itself will for example trigger a status update of the sales order, or even trigger a workflow in the R/3 system.

Our Requirement:

User X should be able to only execute/trigger 2 out of the 5 actions available

User Y should be able to execute 4 out of the 5 actions for this particular transaction type (based on the relevant action profile).

I was not able to find back any authorisation object to protect access on this level.

Has anyone an Idea how this sort of requirement can be achieved?

Thanks

Davy Pelssers

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
‎03-12-2009 8:09 PM
0 Kudos

You can do this by creating a new Authorization object.

Use the authorization object to decide which actions to trigger.

Show replies
Show replies
Former Member
‎03-12-2009 9:28 PM
0 Kudos

Dear Naresh,

I know the principle of creation your 'own' authorisation objects.

However, I do not want to start any customer developments if not really necessary.That's why I have posted this question here in the first place.

And IF I was about to follow your 'advice' than your answer is kind of the most 'generic' security answer you can really give....

If I was to help someone on a question like this, then probably I would provide:

- any relevant BADI where you could build in the check on existing or new authorisation object

I actually found one particular OSS note today, but that note 517491 was no longer valid anymore for our release (solution manager 7.0) but anyway it did not really explain how and where to implement the authorisation check in the first place.

I also found two badi's: one relevant for condition start and one for scheduling start which might be used...

Next, I am also looking at the possibility of using Action Profile Determination (which additionally to assigning just the action profile to the transaction type could be used --under investigation.

So please do consider that a very simple outmost generic answer is not going to help anyone on this forum.... I really would not post a question on any forum without having done extensive research myself in the first place...

kind regards

D

Former Member
‎03-13-2009 1:34 PM
0 Kudos

Hello Davy,

I understand that you are not expecting a generic answer. However your first thread was not as detailed as your second.

Post Processing Framework BADI's

Exit for the printer determination (PRINTER_DETERM_PPF)

Exit After Generated Action (TRIGGER_EXECUTED)

Exit for Context Extension (CONTEXT_EXTEND_PPF)

Exit for Completion of Processing Options (COMPLETE_PROC_PPF)

Extend Container for Condition Evaluation (CONTAINER_PPF)

Exit for Execution of Actions (EXEC_METHODCALL_PPF)

Exit for Getting Possible Partner Functions of an Application (GET_PARTN_ROLES_PPF )

Exit for Double Clicking on Values in the Display (GRID_CLICK_PPF)

Exit for Checking if Deletion of Action Profile is allowed (CONTEXT_DELETE_PPF)

Exit for evaluation of schedule conditions (EVAL_SCHEDCOND_PPF)

Exit for evaluation of start conditions (EVAL_STARTCOND_PPF)

Exit for Adding further data to workflow container (WF_CONT_MODIFY_PPF)

Former Member
‎03-13-2009 5:25 PM
0 Kudos

Thanks Naresh,

this already might be usefull information !!

Now to come back on your first answer. If you say 'create your own object' it means you already did setup such a check or know that there actually is no 'standard SAP security check' foreseen to achieve my requirement?

If you take a look at the note I mentioned in previous reply, do you understand what they mean by that?

cheers and have a nice weekend

D

former_member694070
Participant
‎06-08-2010 11:43 AM
0 Kudos

Hi Davy,

We are facing the same Issue, Is there any solution to the problem?. Please let me know if there is any . Its Important.

Regards,

Kumar

Ask a Question