in CRM we are using actions in business transaction processing.
For a specific transaction type (e.g. TA) we have defined an Action Profile with for example 5 action Definitions.
In the CRM SAPGUI, when you next create a sales order of type TA, you have an action button, by which you can trigger/execute these actions.
In my case, at this moment every user who has authorisation to either create or change the sales order can see ALL 5 actions and also trigger them. The action itself will for example trigger a status update of the sales order, or even trigger a workflow in the R/3 system.
User X should be able to only execute/trigger 2 out of the 5 actions available
User Y should be able to execute 4 out of the 5 actions for this particular transaction type (based on the relevant action profile).
I was not able to find back any authorisation object to protect access on this level.
Has anyone an Idea how this sort of requirement can be achieved?