The SAP Fan Club Forums

[ChrisL]

Hello,
We are on SAP CRM Abap 6.0, running Web_IC. I am trying to restrict users to only displaying/maintaining Prospects (BP's) that are assigned to them (was hoping to use CRM_ORD_OP to accomplish this). They should not be able to see any other prospects if they are not assigned to them. We will also have managers that should be able to see prospects assigned to any of their employees (was hoping to user CRM_ORD_LP to accomplish this). I have also built an org structure with positions, etc and assigned the users accordingly. The problem is that when I logon to my test user (which is assigned to a BP and is also assigned to the org), I can search for and display/maintain any prospects, not just the ones assigned to me. Reviewing the ST01 trace, I only see auth checks against B_BUPA_RLT and B_BUPR_RZT and no checks for any of the CRM_ORD* objects.

We have also implemented BADI CRM_ORDER_AUTH_CHECK but since I don't have much experience with BADI's, I'm not sure if it has been configured correctly. We created an implementation, assigned the BADI definition, activated the methods, and activated the implementation. For method CRM_RFW_MODIDY_QUERY, we set the return parameter EV_EXECUTE_STANDARD to 'X' in hopes to restrict search capability to only prospects that are assigned to the assignee logged on. Is there additional coding required in the various methods to force checks on the CRM_ORD* objects? Is there somewhere in the IMG that I need to activate this?

Any other suggestions on how to force the auth checks for the CRM_ORD* objects?

Any help you can provide would be greatly appreciated!!!

Thanks in advance!
Chris

[thx4allthefish]

I am shadowing this in Security/CRM, since this might be a bit cross-application.

[ChrisL]

Thank you, I will go check.