
CRM Security Design Concepts

Former Member
0 Kudos

Hello Gurus,

My client is in the process of a CRM implementation. As a security consultant, I am gathering the data from the business for CRM role design.

Can anybody share their design methodology in CRM security?

Best practices..

Thanks in Advance

-Thanks

Sam

1 ACCEPTED SOLUTION

Former Member
0 Kudos

1. You have a lot of roles from the Java side being controlled by authorization objects rather than transaction codes.

2. Please go through the CRM guide and consider the UIU_COMP object; my best trick was to search all roles supplied by SAP with the object UIU_COMP.

3. Find the mapping between the business role and the SAP-delivered role for these UIU roles.

4. Lastly, copy the UIU roles and customize according to business need. A lot of work is required between the security and business teams.

5 REPLIES 5

Former Member
0 Kudos

Sam,

1. Establish a role ownership matrix that will maintain segregation of duties

2. Establish approval procedures

3. Role development methodology

4. Testing methodology

5. Change management procedure for post-production role changes

6. For user administration

7. Naming standards

Depending on which modules you are using in CRM, you can start with SAP-defined roles. Prepare a matrix on it.

Thanks,

Sri

Former Member
0 Kudos

Hi Sam,

Please see the link below on the concept of Business Roles & PFCG Roles in CRM that would be used:

PDF= http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/00515e75-f1d0-2c10-bebb-e5675f470...

Also refer to SAP Note 1244321. In that SAP Note, please see the PDF of CRM Web Client Auth Problems.

Former Member
0 Kudos

We are implementing Customer Interaction Center in CRM at the moment.

So, any suggestions on role design best practices that can be useful in this scenario?

-Thanks

Sam

0 Kudos

Hi Sam,

In CRM CIC, users will mostly be accessing the CRM system via the Web client. Generally an ECC or R/3 system would exist as the backend. In CRM 2007/7.0, there is a concept of Business roles (BR) & PFCG roles, as described in my earlier post.

Every end user in CRM would be assigned a Business role. The Business role is created by the CRM Functional Consultant and is assigned at the Organizational model/level via transaction PPOMA_CRM, and the corresponding PFCG role would be assigned via transaction PFCG.

To create the Business role, a matrix for it would be provided by some Business Consultant in your project. That will describe the kind of access that would be given to the end user, meaning: Work Centers, navigational links, logical links, etc. You then need to create the corresponding PFCG role for a Business role. If your Organizational model is set up in such a way that only one Business role is created & assigned to all users, then you need to create several PFCG roles & you need to restrict access based on the requirement in these roles. Otherwise, if there are several Business roles, then mostly the Business roles will take care of the access restriction, and you may need to have only one PFCG role. It depends on how the Organizational model is set up & on whether the maintenance burden is on the Functional Team or the Security Team.

Also, if ECC is your backend system, roles need to be created for ECC as well, & they would be mapped to the CRM roles, as all backend work will be done in the ECC system. So the role matrices of both systems need to be mapped by the Business Consultant in your project; you would then create roles for the CRM & ECC systems.