Skip to Content
Technical Articles
Author's profile photo Marco Ullrich

How to restrict Access Rights – Use Case: Sales Rep Access only to assigned Accounts and their related Docs

Use Case: Sales Reps of a company often have dedicated assigned accounts. These account related information and details are strongly confidential in regards to other Sales Reps. This result that a Sales Rep should never have a possibility to read or access individual account details of another Sales Rep colleague.

On the other hand, all the available account details like master data, open documents, activities, doc history, finance related docs and others should be available for the assigned Sales Rep in SAP Business ByDesign as prominent known in case of working without restriction needs and to provide all of SAP Business ByDesign benefits.

In a nut shell, this is a summary of the requirement:

–              Sales Rep with several assigned accounts

–              Account Management data access only to assigned accounts

–              Fact sheet overview and access to Sales Orders only for assigned accounts

–              Being able to create new Sales Orders (only) for assigned accounts

–              Fact sheet overview and access to customer invoices only for assigned accounts

–              Being able to create activities only for assigned accounts

–              Using some Marketing features like New Business

One solution could be to pro-actively provide configured reports in a recurrent manner to all Sales Reps.

Another Approach is described in the following instruction:


Check / Enhance Business Configuration Setting: Questions


Please goto WoC Business Configuration and check:

–> This mentioned question needs to be flagged to benefit from the following approach.


Masterdata Prerequisites


Account Management

All accounts, which should be handled separately, and which should not be accessible for a “Restricted Sales Rep” need to have a Party Role “Employee Responsible – Sales” maintained.

Accounts, which haven’t a Party Role “Employee Responsible – Sales” assigned, are visible and accessible for all users (with corresponding access rights).


Creating a Business Role


WoC Application and User Management –> Business Roles



Work Center and View Assignments


WoC: Account Management




WoC: Business Partner Factsheet Access Control



WoC: Marketing



WoC: New Business



WoC: Sales Orders




Access Restrictions of mentioned Business Role




Business User Maintenance


Assign and restrict Business User rights





Assign created Business Role to relevant Sales Rep User



Check WoC Assignments



Maintain User Access Restrictions



Example: Restriction


Adjust UI options


To restrict an available access to other Accounts, the “Relationship”-tab in “Contacts” need to be de-selected via Keyuser Adaptation Mode:





Test and Check result


WoC: Account Management


Select: All Accounts

Result: Only assigned accounts are displayed in the OWL

Corporate Account Overview, Sales Fact Sheet

Result: All account related docs can be monitored, Links to deep dive as well.


Corporate Account Overview, Service Fact Sheet


Result: All account related docs can be monitored, Links to deep dive as well.


Corporate Account Overview, Financial Fact Sheet


Result: All account related Invoices can be monitored, links for deep dive to document details as well.





WoC: Account Management, WoC View: Activities with Account Restrictions


Result: Only Activities of assigned accounts are reachable




Creating a New Activity Task


Result: “New activity Tasks” can be created only for assigned accounts.


WoC: Sales Order, Select All Sales Orders


Result: Only individually created Sales Orders by the Sales Rep user are displayed



Known Limitation


To benefit most for the mentioned approach and to avoid negative by-pass effects the Enterprise Search needs to be de-activated (as of now).


Summary: Going forward with this approach, many of in SAP Business ByDesign available customer and sales related information can be provided to responsible Sales Rep’s with the advantage, that information which should be hidden for these users could not be accessed (read and write).

Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo Marisa Falbo
      Marisa Falbo

      Hello and thank you!  This will be very helpful for me.  One thing you didn't note is that you need to answer the question "Do you want to restrict access to content in account overview?" in the business configuration in order for the Work Center Business Partner Factsheet Access Control to be available.

      Author's profile photo Marco Ullrich
      Marco Ullrich
      Blog Post Author

      Hello Marisa, Thanks for your hint! Meanwhile I have enhanced my blog accordingly. BR Marco

      Author's profile photo Vijay Muthusamy
      Vijay Muthusamy

      Hello Marco,

      Thanks for the detailed  blog .. Will be more helpful..



      Author's profile photo Peter Sipos
      Peter Sipos

      Hello Marco,

      very nice blog !

      But it doesnt work in our tenant.

      When I create a new Sales Order, I can choose only from my Accounts - that is good. But in the OWL I can still see all the Sales Orders.

      Do you have anything in mind why it wouldnt work ?



      Author's profile photo Marco Ullrich
      Marco Ullrich
      Blog Post Author

      Hello Peter,


      have you maintained restrictions for WoC View Sales Orders ("CRM_SALESORDERS") as well? In my example the mentioned Sales Rep. user does only have dedicated access rights, in this case Org. Unit P1111.



      Author's profile photo Peter Sipos
      Peter Sipos

      Hi Marco,


      Yes, I have maintained that. I think the problem is that I had a different expectation.

      We wanted to have the following situation:

      Sales representative is maintained in the account(s) as an Acount Team Member.

      The sales orders are created by other employees, or EDI.

      When sales rep. opens the Sales Orders view, he will be able to see only the sales orders for accounts, where he is maintained as an Account Team Member.

      Are we able to accomplish this in ByD ?



      Author's profile photo Mirko Scheepers
      Mirko Scheepers

      Hi Marco,

      Great blog, good explanation and works perfectly!

      One question regarding this topic: how does it work with private accounts?

      Kind regards,



      Author's profile photo Ashok Bezawada
      Ashok Bezawada

      Hi Marco,

      This doesn't work when multiple employees are assigned to the same sales unit. The employee can see sales orders of other employees also who are assigned to his same sales unit. It's not practical to keep creating sales units for each employee joining the organization. Is there a way we can achieve true employee level restriction on Sales Orders?

      Thanks & Regards,


      Author's profile photo Mario Banos
      Mario Banos

      This doesn't work in the quote sales whe multiple employeess are assigned, and qhe you have a opportunity and someone wants to create a new taks the system permitted see all the account.

      Author's profile photo Chempian Pontie
      Chempian Pontie

      Hi Marco,

      Is it possible in Business Role to restrict the Source Document both in OWL and inside the source document and also how to restrict the access to attachments.




      Thanks in advance!

      Chempian Pontie