Background documentationUsers and Roles in SAP ERP and SAP CRM

 

Accounting clerks from various SAP applications are involved in the Shared Services Framework processes, as well as agents from the SAP CRM Interaction Center. All of those involved have to navigate between various SAP systems in order to create or process service requests, dispute cases and customer contacts. This navigation is relatively straightforward, but presupposes the user has the required roles.

Prerequisites

You are using the Interaction Center of SAP CRM together with one or more SAP ERP application components, such as Financial Accounting, Controlling, SAP Collections Management and SAP Dispute Management.

CRM system: you have defined business roles in Customizing for Customer Relationship Management under Start of the navigation path UI Framework Next navigation step Business Roles End of the navigation path. For more information on business roles in CRM, see Business Roles.

ERP systems: you have defined the authorization roles (PFCG roles) using transaction PFCG.

In addition to the business function Multifunctional Shared Service Interaction Center (CRM_SHSVC) in the CRM system, you have activated the following business functions in the ERP system as necessary:

  • FI, Enablement for Financial Shared Services (FIN_SSC_AIC_1)

  • FSCM, Enablement for Financial Shared Services (FIN_FSCM_SSC_AIC_1)

  • Travel Management, Enablement for Shared Services (FIN_SSC_TIC_1)

  • HCM, Integration with Shared Services Interaction Center (HCM_SSC_EIC_1)

  • Internal Self-Services, Enablement for Fin. Shared Services (FIN_SSC_ISS_1)

Features

SAP ERP Company Codes

You have made the following settings in the CRM system for every ERP company code from which users are to create service requests:

  • You have created the company code as a business partner.

  • You have assigned a role to this business partner that has been assigned to the role category Financial Organization (FSSC01).

    If a transaction does not contain a customer or vendor, the system uses this role to determine the relevant back-end system. This is necessary if you want to change a cost center, for example.

    In addition, the system uses this role to create evaluations. This is necessary, for example, if you want to calculate the costs for service requests based on Service Level Agreements.

ERP Users Who Create Service Requests

Accounting clerks who work in an ERP system require the following roles:

  • User master record in the ERP system with the usual authorization roles for their daily tasks

  • Identical user master record in the CRM system with user role Occasional User (SSF_OCCUSER); moreover, this user master record must be linked with a business partner in the CRM system.

    You have assigned a role to this business partner that has been assigned to the role category Employee (BUP003).

    Note Note

    The Occasional User role is used for accessing the Web UI. It allows ERP users to create service requests in the Interaction Center from the ERP system, and to search for their own service requests. For additional information, see Launching Service Requests from ERP Transactions.

    End of the note.
CRM Users Who Process Service Requests

Accounting clerks who work in a CRM system require the following roles:

  • User master record in the CRM system with one of the following business roles:

    • Accounting IC Agent (IC_AIC_AGENT)

    • Employee IC Agent (IC_EIC_AGENT)

    • Travel IC Agent (IC_TIC_AGENT)

    The user master record must in addition be linked with a business partner in the CRM system.

    You have assigned a role to this business partner that has been assigned to the role category Employee (BUP003).

  • Identical user master record in the ERP systems with the necessary authorization roles

    For additional information about the recommended authorization roles, see the SAP ERP security guide. In the SAP ERP SAP Library, choose Start of the navigation path SAP ERP Cross-Application Functions Next navigation step SAP ERP Security Guides Next navigation step SAP ERP Central Component Security Guide Next navigation step Cross-Application Components Next navigation step Shared Services Framework End of the navigation path.

CRM Users Who Manage the Interaction Center

Users who are responsible for managing service request require the following role: IC Manager (IC_MANAGER).

However, to link particular categories of service requests in the Accounting Interaction Center with particular categories of Dispute Cases, they require the AIC Manager (AIC_MANAGER) role. This way, they can automate the creation of the dispute cases. For additional information about creating dispute cases using the SAP Dispute Management component, see under Linking Service Requests with Dispute Cases.

CRM Users Who Access the Work Centers for SAP Collections Management

In the Interaction Center, the following work centers are available to you for SAP Collections Management: My Worklist, All Worklists, Process Receivables. The user requires the following roles for this:

  • User master record in the CRM system with the following business role: Accounting IC Agent (IC_AIC_AGENT); the user master record must in addition be linked with a business partner in the CRM system

    You have assigned a role to this business partner that has been assigned to the role category Employee (BUP003).

  • Identical user master record in the ERP systems with the necessary authorization roles

    For additional information about the recommended authorization roles, see the SAP ERP security guide. In the SAP ERP SAP Library, choose Start of the navigation path SAP ERP Cross-Application Functions Next navigation step SAP ERP Security Guides Next navigation step SAP ERP Central Component Security Guide Next navigation step Financial Accounting Next navigation step Financial Supply Chain Management Next navigation step SAP Collections Management Next navigation step Authorizations End of the navigation path.

CRM Users Who Access the Work Center for SAP Dispute Management

In the Interaction Center, the work center Dispute Case Processing is available to you for SAP Collections Management. Users require the following roles for this:

  • User master record in the CRM system with the following business role: Accounting IC Agent (IC_AIC_AGENT); the user master record must in addition be linked with a business partner in the CRM system

    You have assigned a role to this business partner that has been assigned to the role category Employee (BUP003).

  • Identical user master record in the ERP systems with the necessary authorization roles

    For additional information about the recommended authorization roles, see the SAP ERP security guide. In the SAP ERP SAP Library, choose Start of the navigation path SAP ERP Cross-Application Functions Next navigation step SAP ERP Security Guides Next navigation step SAP ERP Central Component Security Guide Next navigation step Financial Accounting Next navigation step Financial Supply Chain Management Next navigation step SAP Dispute Management Next navigation step Authorizations End of the navigation path.

Users Who Use MDG-Based Internal Self Services

Users who want to use Internal Self-Services (ISS) that are based on Master Data Governance (MDG) require the following user master records and roles for this:

  • User master record in the ERP or CRM system in which the ISS and the MDG application have been configured (MDG system), with authorization role Financials Internal Self Service (SAP_FIN_INT_SELF_SERVICE). This enables users to call the ISS homepage in SAP NetWeaver Business Client. You can also include this authorization role in other authorization roles or use it as a template to integrate the ISS homepage in SAP NetWeaver Portal.

  • User master records in the back-end systems connected to the MDG system with an authorization role that is intended for the activity of users in the relevant back-end system. Access from the MDG system to the back-end systems is achieved using Trusted RFC Connections. Consequently users require an additional authorization for access to Trusted RFC Connections.

Users Who Process MDG-Based Change Requests

Users who process MDG-based change requests need the following roles for this:

  • Authorization role Financial Master Data Manager (SAP_FIN_MDM)

  • Additional authorizations depending on the role in the MDG process:

    • Requester

      Only users who have been assigned to an MDG authorization group can make change requests.

    • Approver, Controller

      In the MDG workflow, you can assign users as processors for change requests that have a particular status. This way you can implement MDG roles such as those of Controller or Approver.

CRM Users Who Display the Fact Sheet

Users who display the fact sheet for the customer or vendor in the Accounting Interaction Center to receive context-related information of a communication partner require a user master record with the following roles:

  • Business role Occasional User (SSF_OCCUSER)

  • Authorization role FSSC: Occasional Business Role (SAP_CRM_UIU_SSF_OCCUSER)

Users Who Use Biller Direct-Based Internal Self Services

Users wanting to use ISS that are based on SAP Biller Direct, require the following user master records and roles for this:

  • Web application with the same name for the Web frontend of Biller Direct

  • Reference user with the same name in the back-end system in which Biller Direct Self-Services are running

    The reference user must be assigned to the Web application. The PFCG roles must be assigned to the reference user that authorize the execution of Biller Direct Self-Services. These assignments authorize the Web application to execute Biller Direct Self-Services. For additional information, see the SAP Biller Direct Security Guide under User Management and Authentication.