CRM Authorization Concept – Functional description

Version 2.0
02.04.2001

CRM Authorization Concept

Release 2.0C
Functional Description

SAP AG
Neurottstr. 16
D-69190 Walldorf

SAP AG CRM Authorization Concept 2.0C Page 1

CRM Authorization Concept – Functional description

Copyright
Copyright  2001 SAP AG. All rights reserved.

Neither this document nor any part of it may be copied or reproduced in any form or by any
means without the prior written consent of SAP AG.

The information contained in this document is subject to change or revision without prior
notice.

SAP AG CRM Authorization Concept 2.0C Page 2

CRM Authorization Concept – Functional description

Contents

1 GLOSSARY ............................................................................................................... 4

2 GENERAL DESIGN ................................................................................................... 5

2.1 CRM System landscape and tools................................................................................................................... 5

2.2 Authorization hierarchy .................................................................................................................................. 5

2.3 Authorization of standard activities ............................................................................................................... 6

3 CRM 2.0C AUTHORIZATION OBJECTS .................................................................. 7

SAP AG CRM Authorization Concept 2.0C Page 3

CRM Authorization Concept – Functional description

1 Glossary

CRM
Customer Relationship Management.

Object Type

The object type is the meta information about the data. A synonym for object type is object
class, e.g. the definition of business partner is an object type.

Object

An object is an entity of an object type. It exists of methods and attributes. E.g. business
partner # 123356 is an object of object type business partner.

Attribute

An attribute is the smallest unit processed by an application, like number or string values.

Authorization object

An authorization object is a logical object used to protect functionality or data in the CRM
system.

Authority check

An authority check is a tool used by ABAP developers to check authorizations.

The developer decides when and where authority checks are implemented. After all the
authority check influences the application behavior.

SAP AG CRM Authorization Concept 2.0C Page 4

CRM Authorization Concept – Functional description

2 General Design

2.1 CRM System landscape and tools

In the CRM system two basic technologies are used to implement the authorization
concept for CRM.

1. The CRM online scenario authorizations will be configured by using the R/3 basic
standard tools. The check of authorizations will be done in the programs by using
the ABAP ‘Authority-Check’ command in the implementation.
2. In the CRM Mobile scenario SAP introduces a flexible technology which allows to
model the customer requirements on authorization without doing changes to the
code. Authorization maintenance is done by using the Authorization Management
Tool (AMT). More information regarding the Mobile technology is provided in the
CRM Mobile Authorization concept functional description.

In a later release SAP will provide a download facility to download the available
authorization information from the online system to the mobile client.

2.2 Authorization hierarchy

In CRM 2.0C the authorization concept follows a hierarchical approach based on

(business) objects, object attributes and standard activities as described below.

Level Description
1 The (business) object type is protected with regards to one or a
combination of the five standard activities (create, change, display,
delete, permit). The authorization is checked by starting a program
processing the business object.
2 The (business) object type is protected depending on an attribute
value (i.e. order type). The authorization is checked as soon as the
(business) object is processed. The authorization object itself could
contain more than one attribute (e.g. order type and credit card).
3 The business object type is protected depending on an attribute and
by an organizational unit. This could be configured for a single
organizational unit e.g. sales organization, sales office or sales group.
4 The business object instance (e.g. sales order #123456789) is
protected by an authorization check.

SAP AG CRM Authorization Concept 2.0C Page 5

CRM Authorization Concept – Functional description

The following figure describes how the levels of authorization protect (business) object
data in the system.

Level 1 Object Type / Standard Activity

Level 2 Object Type / Attribute / Standard Activity

Level 3 Obj. Type / Attribute / Org. / Standard Activity

Level 4 Object / Standard Activity

2.3 Authorization of standard activities

The current standard activities are listed below:

Standard Activity Description Binary equivalent

Create Create new data 01
Change Modify existing data 02
Display Show existing data. If no change 03
authorization is given this would grant
read only authorization to the user
Delete Deletion of existing data 06
Permit (object) General object authorization 45

SAP AG CRM Authorization Concept 2.0C Page 6

CRM Authorization Concept – Functional description

3 CRM 2.0C Authorization Objects

In the table below you can find the authorization objects available in CRM 2.0C.
More detailed documentation of these objects is available within the online system
documentation (Transaction SU21; Object class CRM for CRM Components and
AAAB for Business Partner).

Area Object Description

Product COM_PRD Product / Activity
Product COM_CAT Categories / Activity
Product COM_HIER Hierarchies / Activity
Product COM_ASET Attributes (Set-Types) / Activity
Product COM_PRD_CT Product Categories / Activity
Marketing CRM_MPT Marketing planning / Activity
Marketing CRM_CPG Campaigns, Promotions / Activity
Marketing CRM_PAR Product Association / Activity
Marketing CRM_IM_ML Mail Form Maintenance / Activity
Internet Sales COM_PCAT Product Catalog / Activity
Internet Sales COM_PC_LOC Catalog Characteristics List / Activity
Sales Order CRM_SAO Sales Order / Activity (permit)
Service Order CRM_SEO Service Order / Activity (permit)
Service CRM_SE_DWP Resource Planning / Org Unit / Activity
Opportunity CRM_OPP Opportunity / Activity (permit)
Activity CRM_ACT Activity / Activity (permit)
All Orders CRM_ORD_PR Order / Order Type / Activity
All Orders CRM_ORD_OP Order / Role within Order / Activity
All Orders CRM_ORD_LP Order / Org-Level / Activity
All Orders CRM_ORD_PC Order / Order Type / Activity
All Orders CRM_ORD_OE Order / Order Type / Org Unit / Activity
All Orders CRM_ORD_PO Order / Purchasing Organization / Activity
All Orders CRM_CO_PD Order / Purchasing Organization / Activity
All Orders CRM_CO_PU Order / Purchasing Contract / Activity
All Orders CRM_CO_SA Order / Purchasing Contract / Activity
All Orders CRM_CO_SE Order / Service Contract / Activity
All Orders CRM_CON_SE Order / Service Confirmations / Activity
Business Partner B_BUPA_FDG BP / Field Group / Activity
Business Partner B_BUPA_GRP BP / Authorization Group / Activity
Business Partner B_BUPA_RLT BP / BP Role / Activity
Business Partner B_CCARD BP / Credit Card / Activity
Business Partner B_BUPA_ATT BP / Custom BP Fields / Activity
Conditions /SAPCND/CC Condition Customizing client independent /
Activity
Conditions /SAPCND/CO Condition Maintenance / Activity
Conditions /SAPCND/SS Condition Customizing / Activity

SAP AG CRM Authorization Concept 2.0C Page 7

CRM Authorization Concept – Functional description

SAP AG CRM Authorization Concept 2.0C Page 8