Show TOC

Background documentationAssigning Authorization Roles

 

Before you can start working with your business role, you need to assign an authorization role (PFCG role) to it.

Prerequisites

To maintain authorization roles (PFCG roles) in the CRM WebClient, you have set up the transaction launcher Customizing for the transaction PFCG. Start transaction CRMS_IC_CROSS_SYS in Customizing for Customer Relationship Management and create a new entry:

  • Mapped logical system: OWNLOGSYS

  • Logical system: <logical system>

  • ITS client: <ITS client>

  • ITS URL: /sap/bc/gui/sap/its/webgui/!?~transaction=IC_LTX&~okcode=ICEXECUTE"http://<server>:<port>/sap/bc/gui/sap/its/webgui/!?~transaction=IC_LTX&~okcode=ICEXECUTE

Note Note

<server> means the SAP CRM server.

<port> means the port that is used for the HTTP protocol.

Both settings can be reviewed in transaction SMICM under Start of the navigation path Goto Next navigation step Services End of the navigation path.

For more information, see SAP Note 888931Information published on SAP site.

End of the note.

Activities

Assigning an Authorization Role to a Business Role

The authorization role contains a certain authorization profile (PFCG profile) that defines the necessary authorizations. You assign this authorization role to your business role. You maintain authorizations in transaction PFCG.

Authorization roles have been enhanced with framework-specific authorizations that need to be added to existing authorization roles. Authorizations that you need to run the framework are part of the authorization role SAP_CRM_UIU_FRAMEWORK.

  • In the CRM WebClient UI, you can start the role maintenance in the business role overview page by clicking Authorization Roles.

  • In SAP GUI, you define authorization roles for business roles in Customizing for UI Framework under Start of the navigation path Business Roles Next navigation step Define Authorization Role End of the navigation path.