Wednesday, March 19, 2014

Using authorization within the price procedure

This blog will explain how you can use the standard available authorization functionality within the price procedure. With this functionality it is possible to set specific price conditions to invisible, visible (display only) or editable for specific users based on the assigned authorization profile.



Business Requirement

The price procedure contains a list of all possible price conditions. Not each user should be able to see specific price conditions. For example:
  • Only specific users should be able to add a manual price condition to overwrite the standard price conditions.
  • Only managers should be able to see the margin calculation, other users should not be able to see the margin calculation.

These requirements can easily be solved by a standard authorization functionality within the price procedure customizing.

Solution

The price procedure customizing contains a field called ‘Auth.’. For each price condition a value can be entered in this field. I will explain how this value can be used to determine if a user can display or edit a specific price condition.



Printscreen of the standard pricing procedure 0CRM01 within SAP CRM

Following steps are needed to setup the authorization check for price conditions:
  1. Assign specific values to the price conditions.
    Within the pricing procedure all conditions which must be checked by the system for display and edit authorization should have a value assigned in the column 'Auth.'. See the example for an explanation on the values.
  2. Create two specific authorization objects (this is optional)
    The authorization objects will hold the values for display or edit authorization for a specific user.
  3. Implement CRM_PRIDOC_COMH_BADI to activate the checking of the authorization values.

Step 1:
Assign specific values only to the price conditions which should be checked by the authorization object. In our example we will assign a value of 2000 to a price condition.

Step 2:

The most flexible solution is now to use the authorization concept of SAP to store two values.


Create two new authorization objects within an existing authorization class which can hold a 4 digit number:
Authorization Object: ZPRICE_DISPLAY = Contains the value for display authorization
Authorization Object: ZPRICE_EDIT = Contains the value for edit authorization

Step 3:

Now the BAdI CRM_PRIDOC_COMH_BADI can be implemented as follows:

CS_COMADM_H_COM-AUTHORITY_LEVEL_DISPLAY = Value of authorization object ZPRICE_DISPLAY assigned to the user (SY_UNAME).
CS_COMADM_H_COM-AUTHORITY_LEVEL_EDIT = Value of authorization object ZPRICE_DISPLAY assigned to the user (SY_UNAME).

You can use functionmodule SUSR_USER_AUTH_FOR_OBJ_GET to read the corresponding values.

Example

Within the price procedure we assign a value 2000 to a specific price condition.

Now using the authorization profile we assign the following authorization values to the objects display and edit.

USER 'A'.
      ZPRICE_DISPLAY = '1500'.
      ZPRICE_EDIT = '1500'.

USER 'B'.
      ZPRICE_DISPLAY = '2500'.
      ZPRICE_EDIT = '1500'.

USER 'C'.
      ZPRICE_DISPLAY = '3500'.
      ZPRICE_EDIT = '2500'.


As a result:

User A will not see the price condition
User B will see the price condition but will not be able to edit the condition
User C can see and edit the price condition

No comments:

Post a Comment