You Can Run a Report But I Can’t
The reporting in SAP happens to be one of the most important tool through which the customers monitor the business data. It can be a quarterly report which a business manager runs to check what business has been done by account executives or he would like to check his business pipeline. In the SAP CRM WebUI, the options for running reports are also available and they are available as logical links(mostly) or through direct links. You can launch reports from BI systems or ERP systems as well.In one of our test cycles, a tester reported that a dummy user was not able to see a report (actually a ERP report) but when he logged in with his id he could see the report. All the users would log in with the same business role. The report was launched using the transaction launcher. This was a clearly linked to the authorization but to find out how the logical links could be hidden for a particular user (in this case for transaction launcher) was the question to be answered.
After a lot of wild guessing and brute force debugging, I was able to able to find out how to control the hide/display of reports based on user ids. I have listed my observations
- Find out the logical link id for that particular logical link. Go to the transaction CRMC_UI_NBLINKS. Search for your Navigation Bar Profile.
- Click on the ‘define logical links’ and find out the logical link id.
- This gives you the logical link id. Click on the display button.
- You can directly get this information from the transaction CRMC_UI_LLINK also.
- Note down the parameter id. This is the parameter ID which would be used for enabling/disabling the report.
- You need have some knowledge of roles and the authorization concept. In a nutshell, it would mean that the roles contain the authorization objects. So to figure out the authorization object you have to find out which role you have to look for. This is the difficult part as I could not figure out how to find out what reports fall under which role. (Actually it is done the other way. The user role is used to control the access to thelogical links).
- Launch the transaction su01. Check for the roles tab and figure out where your report should be.Sometimes common sense helps here. I figured out that the Sales manager/Account executive should have access to Quotations report. Hence I looked for role 0000_CRM_SM_SALES_MANAGER and foundout the authorization object
- Click on the Status of Profile Comparison or the first entry before Role.
- Click on the authorization tab.
- Click on the display authorization data button.
- The link parameter contains the reports that could be run. If the name of your parameter id is notmentioned here you would not be able to run the report.
It may look easier but if you are don’t have knowledge on PFCG/authorizations/su01 and where to start your search process, it could be a nightmare for you to figure out the actual role and authorization. This is usually taken care by the basis guys but as a technical consultant have some info on this helps. During test cycles when the SLAs are stiff, you can have fewer headaches at least on such an issue.