Authorization Roles in CRM Web
Channel
You assign authorization roles to your users in CRM Web Channel to determine which applications they can enter and the tasks they can carry out in these applications. There are two types of authorization roles provided by SAP:
● For service users
There is a service user role for each Web-based application to provide an anonymous stateless RFC connection between the Web-based application and the backend SAP CRM system.
● For Internet users
There are various user roles provided by SAP for stateful connections to the different Web-based applications. You assign these to your customers and employees so that they can carry out various tasks and activities in the Web-based applications. There are different roles for each of the Web-based applications, determining the permissions the user has once logged on. For example, the roles determine whether the user can only display orders or also change orders.
SAP delivers standard authorization roles which you can change and modify to meet your needs. These roles contain authorization objects which determine which permissions a user has in an application. You can modify the authorization objects within the roles to change the permissions. For example in the role for the B2B Web shop user you can determine if the user can only display a sales order or whether the user can also create and change a sales order. For a full list of the document authorizations for the Business-to-Business (B2B), Business-on-Behalf (BOB), and Hosted Order Management (HOM) scenarios, see Document Authorizations.
The table below lists the various Web-based applications along with the user and service user roles that are delivers in the standard SAP shipment. You should create local copies of these roles and modify them.
Application |
Authorization Role |
Authorizations |
Service User |
E-Commerce B2B |
SAP_CRM_ECO_ISA_WU_B2B_FULL |
Full authorizations for all transaction types in the B2B Web shop. |
SAP_CRM_ECO_ISA_TU_B2B |
|
SAP_CRM_ECO_ISA_WU_B2B_VIEW |
Full authorizations for transaction type order template in B2B Web shop. Authorization to display orders in B2B Web shop. |
|
|
SAP_CRM_ECO_ISA_WU_B2B_ORDER |
Full authorizations for transaction type order in B2B Web shop. |
|
E-Commerce B2C |
SAP_CRM_ECO_ISA_WU_B2C |
Authorization assigned to reference users for self-registering users in B2C Web shop. |
SAP_CRM_ECO_ISA_TU_B2C |
E-Commerce EASYB2B |
SAP_CRM_ECO_ISA_WU_EASYB2B |
Authorizations for B2B users in a B2C Web shop in the Occasional Users scenario. |
SAP_CRM_ECO_ISA_TU_EASYB2B |
E-Commerce CVIEWS |
SAP_CRM_ECO_ISA_WU_CVIEWS |
Authorizations for Catalog Views application. |
SAP_CRM_ECO_ISA_TU_CVIEWS |
E-Commerce SHOPADMIN |
SAP_CRM_ECO_ISA_WU_SHOPADM |
Authorizations for Shop Management application. |
SAP_CRM_ECO_ISA_TU_SHOPADM |
|
SAP_CRM_ECO_WEBSHOP_MANAGER |
Authorizations for Web shop manager. The role contains authorizations for product catalog maintenance, business partner maintenance and user maintenance. |
The Web shop manager is an internal administrator who can use the Shop Management, User Management, and Catalog Management applications. The service users for these applications can be found in this table. |
E-Commerce USERADMIN |
SAP_CRM_ECO_ISA_WU_USERADM |
Authorizations for superuser in the User management application. |
SAP_CRM_ECO_ISA_TU_USERADM |
E-Commerce Auctioning via Web shop (AVW) |
SAP_CRM_ECO_ISA_WU_ADMIN |
Authorizations for administrator in AVW application. |
SAP_CRM_ECO_TU_AVW |
|
SAP_CRM_ECO_ISA_WU_SELLER |
Authorizations for seller in AVW application. |
|
E-Commerce Selling via eBayŽ (SVE) |
SAP_CRM_ECO_SVE_WU_ADMIN |
Authorizations for administrator in SVE application. |
SAP_CRM_ECO_TU_SVE |
|
SAP_CRM_ECO_SVE_WU_SELLER |
Authorizations for seller in SVE application. |
|
E-Service Internet Customer Self-Service (ICSS) |
SAP_CRM_ECO_ISE_WU_B2B |
Authorizations for ICSS B2B. |
SAP_CRM_ECO_ISE_TU_B2B |
|
SAP_CRM_ECO_ISE_WU_B2C |
Authorizations for ICSS B2C. |
SAP_CRM_ECO_ISE_TU_B2C |
E-Service Complaints and Returns |
SAP_CRM_ECO_ISE_WU_CR |
Authorizations for Complaints and Returns application. |
SAP_CRM_ECO_ISE_TU_CR |
E-Service Remanufacturer inspection |
SAP_CRM_ECO_ISE_WU_INSP |
Authorizations for Remanufacturer Inspection application. |
SAP_CRM_ECO_ISE_TU_INSP |
Partner Channel Management (CHM) Shared Catalog |
SAP_CRM_ECO_CHM_EU_SHRDCAT |
Authorizations for CHM Shared Catalog application. |
SAP_CRM_ECO_CHM_TU_SHRDCAT |
Partner Channel Management (CHM) BOB |
SAP_CRM_ECO_ISA_WU_BOB_FULL |
Authorizations for CHM Business-on-Behalf (BOB) application. |
SAP_CRM_ECO_ISA_TU_BOB |
Partner Channel Management (CHM) HOM |
SAP_CRM_ECO_ISA_WU_HOM_FULL |
Full authorizations for CHM Hosted Order Management (HOM) application. |
SAP_CRM_ECO_ISA_TU_HOM |
|
SAP_CRM_ECO_ISA_WU_HOM_VIEW |
Display authorizations for CHM Hosted Order Management (HOM) application. |
|
Partner Channel Management (CHM) CSR |
SAP_CRM_ECO_ISA_WU_CSR |
Authorizations for CHM Collaborative Showroom (CSR) application. |
SAP_CRM_ECO_ISA_TU_CSR |
You want to create a user for your B2B Web shop. You create a service user for the B2B Web shop application and a service user for the Web-based User Management application in your backend SAP CRM system (transaction SU01). You assign the service users to the applications in Extended Configuration Management (XCM). You take the standard SAP role for a B2B Web shop user SAP_CRM_ECO_ISA_WU_B2B_FULL in the SAP CRM system (transaction PFCG), copy it and modify the authorization objects to meet your needs. For example, you remove the authorization object for creating orders. You assign the authorization role to Web-based User Management in Customizing in your backend SAP CRM system. You log on to Web-based User Management, create a user and assign the modified B2B Web shop role to the user. The user can now log on to the B2B Web shop and carry out the tasks enabled in the authorization role.