How to restrict Access Rights – Use Case: Sales Rep Access only to assigned Accounts and their related Docs
Use Case: Sales Reps of a company often have dedicated, assigned accounts. The information and details of these accounts are strictly confidential with regard to other Sales Reps. As a result, a Sales Rep should never be able to read or access the individual account details of another Sales Rep.
On the other hand, all available account details, such as master data, open documents, activities, document history, finance-related documents and others, should be available to the assigned Sales Rep in SAP Business ByDesign, just as they are when working without restrictions, so that the Sales Rep keeps all the benefits of SAP Business ByDesign.
In a nutshell, this is a summary of the requirement:
– Sales Rep with several assigned accounts
– Account Management data access only to assigned accounts
– Fact sheet overview and access to Sales Orders only for assigned accounts
– Being able to create new Sales Orders (only) for assigned accounts
– Fact sheet overview and access to customer invoices only for assigned accounts
– Being able to create activities only for assigned accounts
– Using some Marketing features like New Business
One solution could be to proactively provide configured reports to all Sales Reps on a recurring basis.
Another approach is described in the following instructions:
Check / Enhance Business Configuration Setting: Questions
Please go to the WoC Business Configuration and check:
–> This question needs to be flagged to benefit from the following approach.
Masterdata Prerequisites
Account Management
All accounts that should be handled separately, and that should not be accessible to a “Restricted Sales Rep”, need to have the Party Role “Employee Responsible – Sales” maintained.
Accounts that do not have the Party Role “Employee Responsible – Sales” assigned are visible and accessible to all users (with corresponding access rights).
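Because any account without this Party Role stays visible to every restricted user, it is worth auditing the account master data before rolling out the role. The following is an added example, not part of the original blog or of SAP Business ByDesign: it assumes a CSV export with hypothetical column names (AccountID, AccountName, PartyRole, Employee), uses constructed sample data, and models the visibility rule exactly as stated above.

```python
import csv
import io
from collections import defaultdict

# Party role name as written in the article; adjust to the label in your export.
ROLE = "Employee Responsible – Sales"

# Constructed sample export. Column names and values are assumptions for this
# example, not an actual ByD export format.
SAMPLE_EXPORT = """AccountID,AccountName,PartyRole,Employee
1001,Alpha GmbH,Employee Responsible – Sales,REP_A
1001,Alpha GmbH,Other Role (constructed),REP_C
1002,Beta AG,Employee Responsible – Sales,REP_B
1003,Gamma Ltd,Other Role (constructed),REP_C
1004,Delta SA,,
1005,Epsilon Inc,Employee Responsible – Sales,REP_A
"""


def load_accounts(text):
    """Return {account_id: set of employees holding ROLE}; empty set if none."""
    owners = defaultdict(set)
    for row in csv.DictReader(io.StringIO(text)):
        reps = owners[row["AccountID"].strip()]  # registers the account
        employee = (row["Employee"] or "").strip()
        if (row["PartyRole"] or "").strip() == ROLE and employee:
            reps.add(employee)
    return dict(owners)


def unprotected_accounts(owners):
    """Accounts without ROLE: per the article, visible to all users."""
    return sorted(acc for acc, reps in owners.items() if not reps)


def visible_to(owners, employee):
    """Accounts a restricted rep is expected to see under the article's rule:
    those assigned to the rep plus those with no ROLE maintained."""
    return sorted(acc for acc, reps in owners.items()
                  if not reps or employee in reps)


if __name__ == "__main__":
    accounts = load_accounts(SAMPLE_EXPORT)
    print("No sales responsible maintained:", unprotected_accounts(accounts))
    for rep in ("REP_A", "REP_B"):
        print(rep, "is expected to see:", visible_to(accounts, rep))
```

Every account listed by unprotected_accounts needs the Party Role maintained before the restriction has any effect on it.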
Creating a Business Role
WoC Application and User Management –> Business Roles
Work Center and View Assignments
WoC: Account Management
WoC: Business Partner Factsheet Access Control
WoC: Marketing
WoC: New Business
WoC: Sales Orders
Access Restrictions of mentioned Business Role
Business User Maintenance
Assign and restrict Business User rights
Assign created Business Role to relevant Sales Rep User
Check WoC Assignments
Maintain User Access Restrictions
Example: Restriction
Adjust UI options
To remove the remaining access path to other Accounts, the “Relationship” tab in “Contacts” needs to be de-selected via Key User Adaptation Mode:
Test and Check result
WoC: Account Management
Select: All Accounts
Result: Only assigned accounts are displayed in the OWL
Corporate Account Overview, Sales Fact Sheet
Result: All account-related documents can be monitored, and the links for deep dives work as well.
Corporate Account Overview, Service Fact Sheet
Result: All account-related documents can be monitored, and the links for deep dives work as well.
Corporate Account Overview, Financial Fact Sheet
Result: All account-related invoices can be monitored, and the links for deep dives into document details work as well.
WoC: Account Management, WoC View: Activities with Account Restrictions
Result: Only Activities of assigned accounts are reachable
Creating a New Activity Task
Result: “New activity Tasks” can be created only for assigned accounts.
WoC: Sales Order, Select All Sales Orders
Result: Only Sales Orders created by the Sales Rep user are displayed
Known Limitation
To benefit most from this approach and to avoid bypassing the restrictions, Enterprise Search needs to be de-activated (as of now).
Summary: With this approach, much of the customer and sales-related information available in SAP Business ByDesign can be provided to the responsible Sales Reps, with the advantage that information which should be hidden from these users cannot be accessed (read or write).
Hello and thank you! This will be very helpful for me. One thing you didn't note is that you need to answer the question "Do you want to restrict access to content in account overview?" in the business configuration in order for the Work Center Business Partner Factsheet Access Control to be available.
Hello Marisa, Thanks for your hint! Meanwhile I have enhanced my blog accordingly. BR Marco
Hello Marco,
Thanks for the detailed blog .. Will be more helpful..
Hello Marco,
very nice blog !
But it doesn't work in our tenant.
When I create a new Sales Order, I can choose only from my Accounts - that is good. But in the OWL I can still see all the Sales Orders.
Do you have anything in mind why it wouldn't work?
thanks.
Peter
Hello Peter,
have you maintained restrictions for WoC View Sales Orders ("CRM_SALESORDERS") as well? In my example the mentioned Sales Rep. user does only have dedicated access rights, in this case Org. Unit P1111.
BR
Marco
Hi Marco,
Yes, I have maintained that. I think the problem is that I had a different expectation.
We wanted to have the following situation:
Sales representative is maintained in the account(s) as an Account Team Member.
The sales orders are created by other employees, or EDI.
When sales rep. opens the Sales Orders view, he will be able to see only the sales orders for accounts, where he is maintained as an Account Team Member.
Are we able to accomplish this in ByD ?
Thanks.
Peter
Hi Marco,
Great blog, good explanation and works perfectly!
One question regarding this topic: how does it work with private accounts?
Kind regards,
Mirko
Hi Marco,
This doesn't work when multiple employees are assigned to the same sales unit. The employee can see sales orders of other employees also who are assigned to his same sales unit. It's not practical to keep creating sales units for each employee joining the organization. Is there a way we can achieve true employee level restriction on Sales Orders?
Thanks & Regards,
Ashok
This doesn't work in the quote sales when multiple employees are assigned, and when you have an opportunity and someone wants to create a new task, the system permits them to see all the accounts.
Hi Marco,
Is it possible in the Business Role to restrict the Source Document both in the OWL and inside the source document, and also how to restrict the access to attachments?
Thanks in advance!
Chempian Pontie