Hi I am sorry, but I thought this title would be funny to use. Whenever I start working/participating in a new SAP CRM project implementation, a lot of people just starting to work with SAP CRM usually ask me -Hey Davy - I got a User account and I managed to logon via the SAPGUI...but when I try out the URL (the link to the CRM WEBUI) that was given to me by the project implementation team, I get this message? What's the problem and can you solve this for me?
Whenever you see this screen when you try to logon in the SAP CRM WEBUI, it means you have not been assigned a SAP CRM Business role:
If you do not know yourself how to solve this,then make sure you start leaning more about the SAP CRM Business role concept.
If you read my previous posts you normally already grasp the basic principles of the SAP CRM Business role Concept. If not, please read them first:
- Overview of the SAP CRM User Interface
- The SAP CRM Business Role Concept
- How to Quickly start testing the functionalities of a specific SAP CRM Business Role
In essence there are basically 3 possibilities by which a User can start using 1 or multiple SAP CRM Business roles (only 1 at a time of course).
I could also have called this blogpost " Business Role Determination Logic" as this is what I am about to explain.
The SAP CRM Business Role Determination Logic
Business role Assignment to a User can be done directly or indirectly. The determination logic is actually determined in the class CL_CRM_UI_PROFILE_DETERM
If you want, you are welcome to debug this class, but if you functionally know how this works, than you might not even bother.
From a functional point of view, these are the things you should remember:
- The User Parameter CRM_UI_PROFILE
- A User's assignment in the organizational model
- The PFCG role a user has assigned to his SU01 User master Record, that corresponds the PFCG Role which is maintained/Assigned to a specific Business Role in Business Role Customizing.
The User parameter CRM_UI_PROFILE is something most users (that have acces to the SAP GUI at least) will be able to change themselves using the transaction code SU3.
In the above screenshot, you see that I put a * (asterisk) as parameter Value. This means I can access ALL available SAP CRM Business Roles. This implies that whenever I logon to the SAP CRM WEBUI, I get after having entered my User ID and password I get a selection screen, where I must choose the Business role I would like to logon with.
Instead of putting the value *, you can also specify a concrete SAP CRM Business role, such as SALESPRO ; SERVICEPRO and so on. That would skip the selection screen, and immediately log you on with that particular business role.
Normally, this approach of business role assignment is used by SAP Consultants, who want to test out the functionalities that are delivered by SAP standard Business Roles. Based on their research, they then usually have a good idea which standard business role should serve as the basis of their custom made business role. They 'll usually make a copy of the standard business role and next start tweaking things such as the navigation bar profile, technical profile, ... and also deactivate unnecessary work centers and navigation links.
It is also very useful when you encounter a bug, BSP error or shortdump when performing unit and acceptance testing using your customer made business role. Let's assume at a certain point you get a shortdump when performing a certain action on e.g. the Account Overview Screen. Now in order to assure this is either a real SAP Standard Bug, or is caused by custom coding you will want to test the SAP Standard, and therefore logon with a standard SAP Business role, and even "Switch off customer enhancements".
Inheriting the Business role by your assignment in the Organizational Model
I hope you already know what an organizational model is, what is used for and what the basic elements of such a model are. The organizational model in SAP CRM is also one of the key elements as it used for many purposes, like:
- organizational data determination (in business transaction processing)
- indirect authorization role assignment
- indirect business role assignment
- can be used within the context of territory management
Relevant for you is that you know a SAP CRM Business role can be assigned to an:
- Organizational Unit (O object)
- Position (S object)
What's best..not sure..depends on how you are actually structuring your organization model...at my current customer in 90% of the cases we did this on the level of the organizational units...in some cases also on position level. Why did we use Org unit level...well because the org units were representing departments such as:
- the Call Center (they were using some copy of the IC_AGENT business role -with CTI integration)
- the Backoffice Complaint Management department (using an enhanced version of the IC_AGENT business role, but without CTI integration)
- The Contract Department (using some tweaked copy of the SALESPRO business role)
How do you assign a business role to a organizational unit or position?
Launch the transaction code PPOMA_CRM to start maintaining the org model.
Search for the object (org unit) to which you would like to assign a SAP CRM Business Role. (e.g. ZALL_USERS) which I created during my previous post.
To illustrate this, I quickly created a new organizational unit, position and assigned myself as an Employee to that particular position.
As you can see, I double clicked on the organization unit called "SAP University Department". I did this to ensure that I will be using the right organizational element, when assigning my business role ZALL_USERS.
Now in the menu, click on "Goto --> Detail Object --> Enhanced Object Description".
This will show me the details (with relevant infotypes) belonging to the O-object which I am currently viewing.
Now scroll down a bit in the list of Infotypes untill you reach the "Business Role". Next click on the button "CREATE".
In the field "business role" I can manually type in the name , or select it using the input help button..
After having entered the relevant business role, make sure to press the SAVE-button.
You now see a green flag next to the field, indicating that a business role has been assigned.
Now, this means that when I would logon, I now am able to logon with the business role ZALL_USERS. (note that you should not use the User Parameter in that case, as this overrules this).
Inherit a business role via your PFCG role assigned in the SU01 User Master Record
Last but not least..I guess that when you already had a closer look at business role customizing you'll notice that normally a PFCG role is assigned to it!
This PFCG role should be Unique as it serves basically two purposes:
- it allows you to quickly create a a PFCG role based on the Business role assigned to it (using the report CRMD_UI_ROLE_PREPARE) I'll explain this in a later post!
- it can be used to indirectly assign a business role (if at least that business role has assigned the same PFCG role to it in business role customizing).
Let's quickly look at what I mean:
In the above screenshot you see that in the Standard delivered Business Role SALESPRO, the standard PFCG Role SAP_CRM_UIU_SLS_PROFESSIONAL is assigned to it. Now if a user would get this PFCG authorization role assigned to him, he would also inherit access to this specific business role SALESPRO.
Remember: the PFCG role you enter here must therefore be UNIQUE, as otherwise the system can not know which business role it should take!
Now, in my User Master Record this would look like this:
In the above screenshot you see I have two PFCG Roles assigned:
- SAP_CRM_UIU_SLS_PROFESSIONAL (this I need to have access to the workcenters and navigation links that are basically defined in the business role customizing settings made in the SALESPRO business role (also relevant for my UIU_COMP authorization object values).
- SAP_CRM_UIU_FRAMEWORK (consider this role a basic role that each and every user should GET in order to be able to start working within the WEBUI...basically it contains the object PLOG.. Without this role, you can not start the CRM WEBUI in a proper way!
I should now actually tell you about the priority logic, but as I do not remember my testcases on this matter by heart I"ll leave this for a potential future post..
take care and speak to you soon!
The SAP University Team