CRM Security

February 12, 2018 | Author: Bhaskar Sharma | Category: Customer Relationship Management, User Interface, Application Software, Hierarchy, Computer File
Share Embed Donate


Short Description

CRM Security...

Description

Org Management in CRM Like SAP HR, SAP CRM also supports organizational management. Org Management allows the assignment of Business Roles to OM objects (like positions, org units, etc). The transaction to maintain OM structure in CRM is PPOMA_CRM. PPOMA_CRM allows us to search for particular OM objects and create new ones. The below screen shows a typical org hierarchy.

PPOMA_CRM - Define OM structure As you can see from the above, PPOMA_CRM is very similar to the ECC transaction PPOMA. Since we have already talked at length about Org Management in SAP HCM, I would not repeat the same here. Please feel free to have another look at the posts for Org Management under SAP HCM security. For a user to work on CRM processes, the user needs to be assigned to a business partner. In the example above, we have the BP HR00160008 assigned to the Position 30002593.

Business Roles in CRM Business Roles are used in CRM to describe the user interface of a user. The navigational bar with all its workcenters, logical links and direct link groups are customized as part of the navigational bar profile. A navigational bar profile is assigned to a user via a business role. Customizing for business roles are carried out through transaction CRMC_UI_PROFILE. The screen below shows the initial screen for the transaction. You will notice the different links on the left pane in the screen. These allow further customizations of a business role.

Define Business Roles - CRMC_UI_PROFILES We select a single business role from the list above and click the display button. This gets to the next screen where we can check out the different entries maintained for a business role. You will notice that a Businee Role is tied to both a Navigational Bar Profile and a PFCG role.

Define Business Roles - CRMC_UI_PROFILES 2 Selecting the Adjust Direct Workcenter Link Groups option from the left pane allows us to configure the menu structure for the navigational bar profile as shown below. For example we have a choice to making a link visible or to make it available in the second level menu.

Business Roles - Ajust Work Center Groups

Navigational Bar Profile We have already come across the navigational bar in the first post introducing the standard CRM UI. The links (workcenters/logical links/direct link groups) in the navigational bar controlled by the Navigational Bar Profile. Configuration for the Navigational Bar Profile is carried out through the crmc_ui_nblinks tcode. Also, even though we are looking at the customizing of a navigational bar profile after looking at the business roles, customizing the navigational bar profile is the earlier step. The screen below shows the initial selection screen for customizing nav bar profiles.

Define Navigational Bar Profile - CRMC_UI_NBLINKS The left pane provides options for creating workcenters/logical links/Direct link groups and assigning these to navigational bar profile. For example the screens below allows us to assign workcenters and direct link groups to a Navigational Profile respectively.

Nav Bar Profile - Assign Workcenter

Nav Bar Profile - Assign Direct Link Group

PFCG Roles in CRM A CRM user needs both a business role and security role to function. The business role determines the CRM functions which appear in the user’s UI. The security role contains the backend authorizations which are needed to execute the different CRM applications that are exposed to the user through the business role. Since, the security roles are meant to authorize the components of the business roles, the business roles must be completely defined before we can start work on creating the PFCG roles. Another pre-requisite is that SU24 entries are already maintained for the CRM applications (Please refer to the posts on SU22, SU24 and SU25 for a basic idea on check indicators and their maintenance). Unlike in ECC, the CRM applications are not transactions but BSP applications which in turn map to external services. Hence when looking up the SU24 entries for them we choose external service as shown in the screen below.

SU24 entries for SAP CRM UI components The actual check indicators for a CRM UI component is shown below in the detailed screenshot. SAP CRM comes with a new authorization object UIU_COMP. This authorization object is checked when a new CRM application/ web service is launched and corresponds to the S_TCODE object for transactions. The different fields of the object COMP_NAME, COMP_PLUG and COMP_WIN serve to identify a single CRM application service. In addition to the UIU_COMP object, other authorization objects will be checked depending on the application being secured.

SU24 - Check Indicator for UIU_COMP object Although, its technically possible to manually add individual services to the role menu and maintain the authorizations for the components in role maintenance, SAP has provided us with a tool to create a PFCG role once the Business Roles are completely defined. The tool is in the form of a program CRMD_UI_ROLE_PREPARE which can be launched through SE38 transaction. The selection screen for the report is shown below

Report CRMD_UI_ROLE_PREPARE During customization of Business Role we have seen that each business role is tied to a single security role. We can use either the business role or the security role to run the report. The report internally checks the definition of the business role to create a text file with the appropriate menu links for the security role. The text file is saved in the standard sap work directory on the presentation server (user’s PC). The report also generates the log file shown below.

Report CRMD_UI_ROLE_PREPARE - Log To create the menu of the new security role, we just go into the menu tab of the role and import the text file which was just created by the report. With the menu created, the authorizations can be maintained as in the case of any other security role.

Org Management in CRM Like SAP HR, SAP CRM also supports organizational management. Org Management allows the assignment of Business Roles to OM objects (like positions, org units, etc). The transaction to maintain OM structure in CRM is PPOMA_CRM. PPOMA_CRM allows us to search for particular OM objects and create new ones. The below screen shows a typical org hierarchy.

PPOMA_CRM - Define OM structure As you can see from the above, PPOMA_CRM is very similar to the ECC transaction PPOMA. Since we have already talked at length about Org Management in SAP HCM, I would not repeat the same here. Please feel free to have another look at the posts for Org Management under SAP HCM security. For a user to work on CRM processes, the user needs to be assigned to a business partner. In the example above, we have the BP HR00160008 assigned to the Position 30002593.

Assign Roles in CRM SAP CRM allows role assignment in two basic ways, indirectly through Business Roles in PPOMA_CRM or directly through security roles assigned to user masters in SU01. Indirecty role assignment is recommended by SAP as for large organisations with many CRM users and business roles it can lead to significant reduction in maintenance effort. For indirect maintenace, the Business Roles are maintained on a position for a user.

Define OM structure - PPOMA_CRM To maintain the business role for an OM object like a position, we select the position in PPOMA_CRM and the menu path goto>detail object>Enhanced Object Description which opens transaction PP01.

PP01 - Initial Screen From the initial PP01 screen, we can maintain the appropriate value for Business Role for the chosen position.

PP01 - Assigning Business Roles With the position linked to a user and a business role assigned to the position we are now in a position to assign a security role to the user. While its also possible to directly assign a security role to the user at this stage, SAP provides the report CRMD_UI_ROLE_ASSIGN to make our job easier.

Report CRMD_UI_ROLE_ASSIGN The report can be run for both users and user groups. It basically looks up positions linked to the respective users, checks the business roles assigned to these positions and finally assigns the security roles corresponding to them to the user masters. The report log after role assignment is shown below

Report CRMD_UI_ROLE_ASSIGN - Log It is also possible to directly assign a security role to a user rather than go through these intermediate steps outlines above. To make this work, in addition to the security role the user parameter CRM_UI_PROFILE needs to be maintained with the correct business role as part of the user master. This removes the need of maintaining the Business Role on the position. However, since all CRM users need to be part of OM structure, it makes sense to use the indirect assignment rather than the direct one.

View more...

Comments

Copyright ©2017 KUPDF Inc.
SUPPORT KUPDF