Professional Documents
Culture Documents
1 Introduction .........................................................................................2 2 Association: Assignment of Authorization Templates to the Business Template ................................................................................3
2.1 Create an Association Between Your Business Template and the ACL Template ............................................................................................... 4 2.2 Create an Association Between Your Business Template and the OTS Template ............................................................................................... 7 2.3 Create an Association Between Your Business Template and the CRM_ORD_LP Template............................................................................ 10 2.4 Create an Association Between Your Business Template and the CRM_ORD_OP Template ........................................................................... 12 2.5 Create an Association Between Your Business Template and the CRM_ORD_TE Template............................................................................ 14
3 Define Static Authority Checks: ABAP Authorization Objects in the Business Template ........................................................................17
3.1 General Remarks.................................................................................. 17 3.2 Examples .............................................................................................. 19
3.2.1 CRM_ORD_LP_<object>: CRM_ORD_LP_LEAD................................................... 20 3.2.2 CRM_ORD_OE_<object>: CRM_ORD_OE_LEAD ................................................. 21 3.2.3 CRM_ORD_PR_<object>: CRM_ORD_PR_LEAD.................................................. 23 3.2.4 CRM_ORD_TE_<object>: CRM_ORD_TE_LEAD .................................................. 24 3.2.5 CRM_ORD_OP_<object>: CRM_ORD_OP_LEAD ................................................. 26
1 Introduction
1 Introduction
In enterprise search, you have to model the authorization using a path description that runs between the business object (BO) and the user.
To do so, go through the following steps: 1. Association: Connect the relevant BO Node to nodes of the authorization templates for dynamic authorization checks. Precondition for this step: Dynamic authorization checks have to be made persistent by authorization templates (see Authorization Templates [page 3]). 2. Define static authority checks: Connect the static standard authority objects to relevant BO nodes (enterprise search determines the values of the corresponding static authority objects, and checks whether the current user has the static rights to access the BO the values can be used in combination with step 3). Every static authority check is identified by its own check ID. 3. Define dynamic checks: Connect the BO to the user (USER-MAPPING Authority Template) using a path description. Every path description is identified by its own check ID. Logical conjunction: The result for the whole authorization model is a logical expression of the relevant check IDs with the combination of AND, OR, NOT, and brackets. For a description of the authority objects, see ABAP Authority [page 43] and Path-Oriented Authority [page 44]. The following sections describe steps for your one order object.
For path-based authorization checks, you have to assign the authorization templates to the relevant business nodes. For more information on this association, see Path-Oriented Authority [page 44]. This association is the entry point for the authority path to the user. In the following table you can see the necessary association of a one order object (opportunity).
One Order Node Authority Template CRM_ACE 2_OO_AC L CRM_ACE _OTS
Field
Fixed Value
BTORDER CRM_OPP_ OTS CRM_OPP_ ORD_LP_DI S_CHANNE L CRM_OPP_ ORD_LP_DI V_ORG CRM_OPP_ ORD_LP_S ALES_ORG CRM_OPP_ ORD_LP_S ERVICE_OR G CRM_OPP_ ORD_LP_SL S_GROUP CRM_OPP_ ORD_LP_SL S_OFFICE CRM_OPP_ ORD_TE CRM_OPP_ ORD_OP
GUID
ONEORDER
BTORGSET
DIS_CHANN EL
DIS_CHANN EL
DIS_CHANN EL
BTORGSET
DIVISION SALES_OR G
DIV_ORG SALES_OR G
DIVISION SALES_OR G
BTORGSET
BTORGSET
CRM_ORD _LP CRM_ORD _LP CRM_ORD _LP CRM_ORD _TE CRM_ORD _OP
BTORGSET
2.1 Create an Association Between Your Business Template and the ACL Template
1. Select the relevant business template. 2. Choose Edit and go to step 5. 3. Define the structure using the Next pushbutton. 4. Select the node that includes the GUID of your object. Normally, this is the root node.
6. Select the required ACL table and the node of this ACL table. The selected node is included in the structure.
8. To maintain the foreign key relation, choose the Create pushbutton. An empty row appears. 9. Select the relevant fields via value help.
2.2 Create an Association Between Your Business Template and the OTS Template
1. Select the node that includes the GUID of your object. Normally, this is the root node.
3. Select CRM_ACE_USER_OTS and the relevant node. The selected node is included in the structure.
6. Select CRM_OBJECT_TYPE. 7. In the Value column, maintain the ACE super type of your business template. You can get the relevant information in the table CRM_ACE_OTYPES.
2.3 Create an Association Between Your Business Template and the CRM_ORD_LP Template
1. Select the node BTORGSET.
10
3. Select the template CRM_ORD_LP and the node DIS_CHANNEL. The selected node is included in the structure. The foreign key relation is filled automatically.
4. Enter an association ID CRM_<object>_ORD_LP_DIS_CHANNEL (CRM_LEAD_ORD_LP_DIS_CHANNEL) and press ENTER. 5. Repeat step 4 with the following association IDs: CRM_<object>_ORD_LP_DIV_ORG CRM_<object>_ORD_LP_SALES_ORG CRM_<object>_ORD_LP_SERVICE_ORG CRM_<object>_ORD_LP_SLS_GROUP CRM_<object>_ORD_LP_SLS_OFFICE After the maintenance you will see the following associations:
11
2.4 Create an Association Between Your Business Template and the CRM_ORD_OP Template
1. Select the node BTPARTNER.
3. Select the template CRM_ORD_OP and the node CRMT_ES_ORD_USER. The selected node is included in the structure.
12
4. Enter an association ID CRM_<Object>_ORD_OP (CRM_LEAD_ORD_OP) and press ENTER. 5. Maintain the foreign key relations using the value help.
6. Select BP_PARTNER_GUID. 7. Maintain the second key field using the value help.
13
8. Select PARTNER_GUID.
2.5 Create an Association Between Your Business Template and the CRM_ORD_TE Template
1. Select the node BTPARTNERATTR.
14
3. Select the template CRM_ORD_TE and the node ORD_TE. The selected node is included in the structure. The foreign key relation is filled automatically.
15
16
3 Define Static Authority Checks: ABAP Authorization Objects in the Business Template
3 Define Static Authority Checks: ABAP Authorization Objects in the Business Template
For the ABAP authority checks, use the authority objects and their check IDs. For a list of the authority objects and their check IDs, see ABAP Authority [page 43].
3. For the first check ID CRM_<Object>, use the authority object related to your business object type, instead of CRM_OPP. You can find the related authority object in the function module CRM_ORDER_CHECK_AUTH_BUS_OBJCT. 4. Choose the Import pushbutton.
17
3 Define Static Authority Checks: ABAP Authorization Objects in the Business Template
5. Enter your authorization object and choose Import. 6. Close the window. Now you can use the authorization object. 7. Choose the Add pushbutton for every check ID. An empty row appears. 8. Fill the columns Check-ID and Check-ID Description. 9. Select the ABAP authority object name using value help. The selected authorization object appears in the row. In the right-hand screen area Details: Fields of Authorization Object <>, the fields of the authorization object appear.
Now maintain the relevant fixed values for a field, or select the path and the field that are relevant for the check. If a field can be ignored, you do not have to do anything.
18
3 Define Static Authority Checks: ABAP Authorization Objects in the Business Template
10. To maintain the path, select the relevant field and choose Select Path. A selection screen with all nodes appears. 11. Select the relevant node. In the second screen area, the fields of the selected node appear. 12. Select the relevant field. The selected path and field are displayed. 13. Save your changes.
3.2 Examples
In the following sections, you can find the steps for the following check IDs: CRM_ORD_LD_<object> CRM_ORD_OE_<object> CRM_ORD_PR_<object> CRM_ORD_TE_<object> CRM_ORD_OP_<object>
19
3 Define Static Authority Checks: ABAP Authorization Objects in the Business Template
20
3 Define Static Authority Checks: ABAP Authorization Objects in the Business Template
21
3 Define Static Authority Checks: ABAP Authorization Objects in the Business Template
22
3 Define Static Authority Checks: ABAP Authorization Objects in the Business Template
23
3 Define Static Authority Checks: ABAP Authorization Objects in the Business Template
24
3 Define Static Authority Checks: ABAP Authorization Objects in the Business Template
25
3 Define Static Authority Checks: ABAP Authorization Objects in the Business Template
26
3 Define Static Authority Checks: ABAP Authorization Objects in the Business Template
27
28
2. Choose the Add pushbutton for every check ID. An empty row appears. 3. For the first two check IDs (CRM_OO_ACL and CRM_OO_OTS), fill the column Check-ID. The rest are filled automatically. 4. For the other check IDs, fill the columns Check-ID and Check-ID Description. 5. Choose Select Path. A selection screen with all relations appears. 6. Select the relevant template node and association. 7. Select the node USER_MAPPING.USER_MAPPING at the end. In the second screen area of the selection screen, the fields of the node appear. 8. Select the field USER_ID. The path and selected field are included in the current row. 9. Save your changes.
4.2 Examples
In the following sections, you can find examples for creating path-oriented authority checks.
29
30
31
32
33
34
35
36
37
38
39
40
41
5 Logical Conjunction
5 Logical Conjunction
To maintain the logical conjunction for the authority check, you can use the following logical conjunction as a template: ( ( CRM_LEAD & CRM_ORD_PR_LEAD & CRM_ORD_OE_LEAD ) | ( CRM_ORD_TE_LEAD & CRM_LEAD_ORD_TE ) | ( CRM_ORD_LP_LEAD & ( CRM_LEAD_ORD_LP_SALES_ORG | CRM_LEAD_ORD_LP_SERVICE_ORG | CRM_LEAD_ORD_LP_SLS_OFFICE | CRM_LEAD_ORD_LP_SLS_GROUP | CRM_LEAD_ORD_LP_DIV_ORG | CRM_LEAD_ORD_LP_DIS_CHANNEL ) ) | ( CRM_ORD_OP_LEAD & CRM_LEAD_ORD_OP ) ) & ( CRM_OO_ACL | ( CRM_OO_OTS ) ) Replace _LEAD_ with the identifier of your one order object.
42
6 Examples
6 Examples
6.1 ABAP Authority
Foreign Key Relation Check ID Description ABAP Authority Object Field Node Field Fixed value ObjectSpecific General One Order
CRM_OPP
Object Type
CRM_OPP
ACTVT
45
CRM_ORD_LP _OPP
CRM_ORD _LP
02;03
CRM_ORD_O E_OPP
Static Orgunits
CRM_ORD _OE
ACTVT DIS_CHANN E SALES_GR OU SALES_OFF I SALES_OR G SERVICE_O R BTOrgSet BTOrgSet BTOrgSet BTOrgSet BTOrgSet DIS_CHANNEL SALES_GROUP SALES_OFFICE SALES_ORG SERVICE_ORG
02;03
CRM_ORD_P R_OPP
CRM_ORD _PR
PR_TYPE
BTADMIN H
PROCESS_TYPE
CRM_ORD_T E_OPP
CRM_ORD _TE
PR_TYPE
BTADMIN H
PROCESS_TYPE
TERR_ASS GN
CRM_ORD_O P_OPP
CRM_ORD _OP
PARTN_FC TT PARTN_FC T
BTPartner
PARTNER_PFT
BTPartner
PARTNER_FCT
43
6 Examples
Check ID
Node
Field
BOL
Field
CRM_OO_AC L CRM_OO_OT S CRM_OPP_O RD_LP_DIS_ CHANNEL CRM_OPP_O RD_LP_DIV_ ORG CRM_OPP_O RD_LP_SALE S_ORG CRM_OPP_O RD_LP_SERV ICE_ORG CRM_OPP_O RD_LP_SLS_ GROUP CRM_OPP_O RD_LP_SLS_ OFFICE CRM_OPP_O RD_TE CRM_OPP_O RD_OP
BTADMIN H
X X
CRM_ORD_LP
DIS_CHANN EL
CRM_ORD_LP
DIV_ORG SLS_GR OUP SLS_OFF ICE SALES_O RG SERVICE _ORG ORD_TE CRMT_E S_ORD_ USER
DIVISION SALES_GR OUP SALES_OF FICE SALES_OR G SERVICE_ ORG PATH_ID PARTNER_ GUID
CRM_ORD_LP
CRM_ORD_LP
CRM_ORD_LP
X X
44