Creation of Role

Former Member · ‎04-16-2009

Hi Experts,

I am facing a problem regarding role creation according to my scenario0 I want to create a role for the creation of Business Partner and assign the role to the user and if user create a Business partner and save this business partner then no other user can make changes in this business partner only he can change the Business partner .

Regards,

Khurram Siddique

JPReyes · ‎04-16-2009

Moved to Security Forum

former_member182098 · ‎04-16-2009

Hello,

Create a role using PFCG - Assign the transaction code directly or through menu.

Keep the ACTIVITY to 01 and 02.

Segregate this activity with others.

Create another role with the same transaction code and give the ACTIVITY 03 (Display only) give this role to all other users.

Hope this will solve your issue.

Regards,

Ravi

Former Member · ‎04-17-2009

However SAP roles/Profiles are designed for only one user.

The only option is keep watching the SAP role assignment which gives access to create Business partner.

Former Member · ‎04-17-2009

Hi Ravi,

Actully My problem is I have to create a role and give the Tcode to create Business partner and assign it to user But if for example user A create a business partner then User B can not edit this business partner and if User B create another Business Partner then User A cant make changes in this Business Partner.

Hope I explain the issue right. The problem is that user can make changes only those Business Partner that is created by himself.

Regards,

Khurram Siddique

Former Member · ‎04-17-2009

Hi Sid,

By business partners , I would assume you are referring to creation/change of vendor and customer master records.

For vendor master records you can specifically restrict the change to the record by assigning a authorization group to the vendor. Thereby you can allow the maintenance of this vendor in only specific roles using the object F_LFA1_BEK Vendor: Account Authorization. The object has the field authorization group in it. If you mention the authorization group assigned to the vendor master in this field, then only people having authorization to this group or with values * can mantain this vendor master.

Similarly for customer master records you can use object F_KNA1_BED Customer: Account Authorization.

Regards,

Subbu

Former Member · ‎04-17-2009

Hi Subbu,

I am working in CRM 5.0 , and i need this for Business partner of category Organization .

Regards,

Khurram Siddique

Former Member · ‎04-17-2009

Hi Sid,

I am sorry, I do not have access to a CRM system. But, you may look for similar objects for the transaction used to create change the business partners in the system. I trust there should not be much difference in the security approach between R/3 and CRM in this regard.

Regards,

Subbu

Former Member · ‎04-17-2009

Hi Sid,

I'm not sure if this will directly solve your problem, but in my CRM 5.0 system we were able to restrict users from changing business partners indirectly by restricting the authorizations using the B_BUPA_ATT object.

We restrict by salesgroup and salesorg. So if a user is assigned to one salesgroup and creates a BP, then other users are not allowed to edit or delete that BP.

The only exception we created was that our managers are able to edit BPs in ALL their corresponding salesgroups.

Hope this helps.