Show TOC

Function documentationAuthorization for Installed Bases

 

You can control user authorization for displaying, changing, and creating installed bases. Authorization control for installed bases uses the authorization concept for Application Server ABAP (see User Administration and Identity Management in ABAP Systems).

Features

For each user, you can determine authorization depending on the following:

  • The authorization group assigned to an installed base

  • The installed base category

Authorization is controlled by the authorization object CRM_IBASE (Authorization Object for Installed Base). For more technical information about the authorization object, see the documentation for the object in the SAP CRM system.

Note Note

The authorization object IB_IBASE is not used in SAP CRM.

End of the note.

The authorization check does not influence whether or not certain options in the CRM WebClient UI (such as the Create button or hyperlinks to assigned installed bases) are displayed on the user interface. If a user clicks a Create button, an Edit button, or a hyperlink to an assigned installed base but does not have sufficient authorization for the respective action, a message is displayed informing the user of this.

The search results list for installed bases only contains installed bases for which the user has at minimum a display authorization. When users create or change an installed base, they can only assign an installed base category or authorization group for which they have at minimum a display authorization.

Activities

  • You define authorization groups in Customizing for Customer Relationship Management under Start of the navigation path Master Data Next navigation step Installed Base Next navigation step Define Authorization Groups End of the navigation path.

    Once you have defined authorization groups, you can assign them to installed bases in the CRM WebClient UI, on the Installed Base page, in the General Data block.

  • For the relevant role, you define values for the above fields in an authorization profile, thereby determining which actions users with that role can perform, and which installed bases they can display, change, and create.

  • If you restrict display authorization to installed bases, you also have the option of configuring the relevant business role for the CRM WebClient UI so that users cannot navigate to the Installed Base page.