You want to:
- Guarantee access rights
- Manage a set of users or groups within their assigned area of responsibility
- Block access to business objects for other parts of the organization
The administration tool lets you guarantee access rights for subsets of users to assigned objects.
As the administrator, you use the relationships between the business objects and users in order to enable individual roles and user groups to access the objects.
Using the levels of read access, change access, and full access, the administrator can define the access rights for every role and every relationship. Full access includes reading, writing, and deleting as possible actions; change access includes reading and writing.
The table shows the administration interface for defining access rights. A right is the assignment of relationships to groups of roles and users, and the definition of actions for this assignment.
| Right | User Group | Object Type | Rule ID | Action Group |
| --- | --- | --- | --- | --- |
| R314 | All partner roles | Lead | TransactionCreatedByPartner | Read |
| R315 | Partner managers | Lead | TransactionCreatedByPartner | Change |
| R316 | All partner roles | Lead | LeadCreatedByMySelf | Full |
| R317 | All partner roles | Opportunity | TransactionCreatedByPartner | Full |
The entries in the table have the following meanings:
- "All partner roles" is a group of roles that includes all partner roles (partner managers, partner employees, partner administrators, ...).
- LeadCreatedByMySelf is the relationship: Lead – Business Partner: Contact – User.
- TransactionCreatedByPartner is the relationship: Business transaction – Business partner: Contact – Business partner: Company and Business partner: Company – Business partner: Contact – User.
The relationships in the rights are relative to the users in the role. This means, for example, if user Miller is the partner manager and contact for the company SAMPLECO, then access right R315 allows user Miller to change all business transactions for SAMPLECO. All business transactions with relationships to contacts for other partner companies have no relationship to the company SAMPLECO, so Miller has no access to these business transactions.
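The evaluation described above can be modeled in a few lines. This is an added example, not SAP CRM code: the users JONES and WU, the company OTHERCO, the contact and object IDs, and all function names are constructed, and it assumes that matching rights combine additively and that an object with no matching right is inaccessible.

```python
# Added illustration: a simplified model of the rights table, not SAP CRM code.
ACTION_GROUPS = {
    "Read": {"read"},
    "Change": {"read", "write"},
    "Full": {"read", "write", "delete"},
}
# Rows R314-R317: (right, user group, object type, rule ID, action group).
RIGHTS = [
    ("R314", "All partner roles", "Lead", "TransactionCreatedByPartner", "Read"),
    ("R315", "Partner managers", "Lead", "TransactionCreatedByPartner", "Change"),
    ("R316", "All partner roles", "Lead", "LeadCreatedByMySelf", "Full"),
    ("R317", "All partner roles", "Opportunity", "TransactionCreatedByPartner", "Full"),
]
# Constructed sample data (only Miller and SAMPLECO appear on the page).
USER_GROUPS = {
    "MILLER": {"All partner roles", "Partner managers"},
    "JONES": {"All partner roles"},
    "WU": {"All partner roles"},
}
USER_CONTACT = {"MILLER": "C_MILLER", "JONES": "C_JONES", "WU": "C_WU"}
CONTACT_COMPANY = {"C_MILLER": "SAMPLECO", "C_JONES": "SAMPLECO", "C_WU": "OTHERCO"}
OBJECTS = {  # object ID -> (object type, contact recorded on the object)
    "LEAD1": ("Lead", "C_JONES"),
    "LEAD2": ("Lead", "C_MILLER"),
    "LEAD3": ("Lead", "C_WU"),
    "OPP1": ("Opportunity", "C_JONES"),
}

def lead_created_by_myself(user, contact):
    # Lead - Contact - User: the object's contact is the user's own contact.
    return USER_CONTACT.get(user) == contact

def transaction_created_by_partner(user, contact):
    # Transaction - Contact - Company and Company - Contact - User:
    # the object's contact and the user's contact belong to the same company.
    company = CONTACT_COMPANY.get(contact)
    return company is not None and company == CONTACT_COMPANY.get(USER_CONTACT.get(user))

RULES = {"LeadCreatedByMySelf": lead_created_by_myself,
         "TransactionCreatedByPartner": transaction_created_by_partner}

def allowed_actions(user, obj_id):
    """Union of actions from every right that matches (assumption: additive)."""
    obj_type, contact = OBJECTS[obj_id]
    actions = set()  # no matching right means no access
    for _right, group, rtype, rule, level in RIGHTS:
        if group in USER_GROUPS.get(user, ()) and rtype == obj_type and RULES[rule](user, contact):
            actions |= ACTION_GROUPS[level]
    return actions
```

In this model the same right yields different results per user because the relationship is resolved from the user's own contact and company, which is what keeps one partner's transactions invisible to another partner.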
ACE provides consistent implementation of access control for the most important SAP Customer Relationship Management (SAP CRM) business objects.
Example
A user is logged on and starts a product selection. SAP CRM checks the user’s access rights to products and provides only the products for which the user does not have any read restrictions.