CRM Web Channel User Management and the Access Control Engine
The CRM Access Control Engine (ACE) controls access to and use of business objects. The access control is based on a combination of rules and rights that you can adjust individually to your internal organizational structures. It is practical to use ACE when you want to control, at object level, which users are to have read, write, and/or delete access. For example, order 4711 was created for sold-to party Thomas Baker. Ms. Smith is the contact person for Thomas Baker. Therefore, Ms. Smith can access order 4711.
The ACE authorization concept exists in addition to the general authorization concept used in CRM Web Channel as described in Configuration Settings for the Authorization Concept.
The ACE access rights are assigned to users using ACE user groups. Each ACE user group can contain user roles or users. SAP delivers the following standard ACE user groups for CRM Web Channel applications:
| ACE User Group | ACE User Group Child | User Group Child Type |
|---|---|---|
| SAP_CRM_ECO_ISA_B2B | SAP_CRM_ECO_ISA_WU_B2B_FULL | Role |
| SAP_CRM_ECO_ISA_B2B | SAP_CRM_ECO_ISA_WU_B2B_ORDER | Role |
| SAP_CRM_ECO_ISA_B2B | SAP_CRM_ECO_ISA_WU_B2B_VIEW | Role |
| SAP_CRM_ECO_ISA_B2B | SAP_CRM_ECO_ISA_WU_BOB_FULL | Role |
| SAP_CRM_ECO_ISA_B2B | SAP_CRM_ECO_ISA_WU_HOM_FULL | Role |
| SAP_CRM_ECO_ISA_B2B | SAP_CRM_ECO_ISA_WU_HOM_VIEW | Role |
| SAP_CRM_ECO_ISA_B2B | SAP_CRM_ECO_ISA_WU_EASYB2B | Role |
| SAP_CRM_ECO_ISE_B2B | SAP_CRM_ECO_ISE_WU_B2B | Role |
| SAP_CRM_ECO_ISE_B2B | SAP_CRM_ECO_ISE_WU_CR | Role |
| SAP_CRM_ECO_ISE_B2B | SAP_CRM_ECO_ISE_WU_INSP | Role |
| SAP_CRM_ECO_ISA_B2C | SAP_CRM_ECO_ISA_WU_B2C | Role |
| SAP_CRM_ECO_ISA_B2C | SAP_CRM_ECO_ISA_WU_CSR | Role |
| SAP_CRM_ECO_ISA_B2C | <Reference-user> | User |
| SAP_CRM_ECO_ISE_B2C | SAP_CRM_ECO_ISA_WU_B2C | Role |
| SAP_CRM_ECO_ISE_B2C | <Reference-user> | User |
| SAP_CRM_ECO_UADM | SAP_CRM_ECO_ISA_WU_USERADMIN | Role |
If you have made local copies of the standard delivered E-Commerce authorization roles, as recommended in Authorization Roles in CRM Web Channel, and you want to use these copied roles with ACE, you must maintain the ACE user groups accordingly. You must replace the local role with the standard user role mentioned in the table above.
In addition, you must assign the reference user maintained for your B2C and CSR applications to the ACE user group SAP_CRM_ECO_ISA_B2C.

For more information about using the CRM Access Control Engine, see the configuration documentation in SAP Solution Manager.

In addition, you can find the Customizing activities for ACE in the SAP CRM system IMG under Customer Relationship Management → Basic Functions → Access Control Engine.