Background of the CRM Access Control Engine (ACE)
Relationship to Business Objects
ACE uses the organizational hierarchies and business relationships as the basis for the calculation of access control. It provides a significant improvement over the SAP authorization concept in the areas of performance and flexibility, and offers a convenient administration environment.
In contrast to the Access Control Engine (ACE), if you use the SAP authorization concept to control access rights (you grant access rights depending on organizational hierarchies), you lose the flexibility of the organization, since the rights depend on a fixed hierarchy.
The graphic shows the hierarchy structure for partner organizations, stored as business relationships, and the relationship of the business objects to these hierarchy structures.
Advantages of using ACE to map business relationships include:
Partner organizations do not necessarily have to be maintained in organization management.
Business objects with a relationship to a lower-level node can be perceived as business objects with a relationship to higher-level nodes in the organizational hierarchy. In the example, this means that the activity with the link to user D can be treated like an activity of the partner company.
Business objects with a relationship to higher-level nodes in the organizational hierarchy can be perceived as business objects with a relationship to every lower-level node. In the example, this means that the account with the link to the partner company can be treated like the account for all users in the company.
By combining the two points described above, you can define complex relationships. In the example, the activity of user D is an activity for all users in the partner company.
The option of reusing PFCG roles (roles defined with transaction PFCG) in ACE simplifies the definition of ACE user groups.
In ACE, organizational units, territory management, and the structures of partner companies are available as an organizational hierarchy. The advantage of ACE is that you can increase the number of possible organizational structures by implementing well-defined interfaces.
The following figures display two possible relationships between users and leads.
The relationship "LeadsCreatedByMySelf" describes the path "Lead" – "Business Partner: Contact" – "User".
The relationship "LeadCreatedByPartner" describes the path "Lead" – "Business partner: Contact" – "Business partner: Company", and then "Business partner: Company" – "Business partner: Contact" – "User". In most business scenarios, the relationship can be determined in two steps.
