Identity and Access Management in Solution Order Management in SAP S/4 HANA
Solution Order Management is a new strategic solution that offers an opportunity for selling, delivering, managing combinations of services and products bundled into one transaction known as a solution order. These products and services can be of different categories, such as physical goods, one-time services, long-running services, and subscriptions. Solution Order Management has all the functionalities to support an end-to-end process from creation of a solution order to the delivery of the different products as well as invoicing, controlling, and accounting.
The Manage Solution Orders application supports features like creation & edition of solution orders, orchestration which is the creation of follow up documents of a solution order, solution order progress which gives an overview of the processing of a solution order and it’s follow up documents in a graphical representation. User/Persona (solution order specialist) for this solution order should be granted with the necessary rights to perform multiple actions e.g. display, create, edit, navigation to other documents.
This blog post is aimed at looking into the authorizations given to a solution order specialist enabling him or her to perform their daily tasks. `
Authorizations given to a solution order specialist
- Starting with the basic authorizations, a solution order specialist has rights to create a solution order and further display or edit it.
- A solution order specialist can get an overview of the progress of a solution order which may consist of various follow up documents in the form of a network graph on the solution order progress page. However, the solution order specialist should also be able to navigate to each follow up document in order to obtain extra details of a particular document. For this purpose, he or she has the display rights to all the follow up documents making it possible to navigate to any follow up document from the solution order progress page. On clicking the “Navigate to Transaction” action button of any node in the network graph, a popover is displayed which contains all the possible navigation links for that particular document.
- In addition, the solution order specialist also has edit and create rights for all the immediate follow up documents as it is required for the forward orchestration of solution order. When he or she releases an item of the solution order, the system automatically creates the follow up documents
IAM Objects in Solution Order Management
In order to support all of the above requirements, solution order management offers the business role template SAP_BR_SOLN_ORDER_SPCLST (Solution Order Specialist). This role template enables a user to manage solution orders and track progress of a solution order and it’s follow up documents. It contains the following types of business catalogs for solution order and different follow up documents:
|Document||Type of catalog||Catalog Name / Example|
|Solution Order||Solution Order Processing catalog which supports create, edit, display actions on a solution order and its progress. The Manage Solution Order application tile also appears on the home page because of this catalog.||SAP_S4CRM_BC_SOLN_ORD_PROC_PC (Solution – Solution Order Processing)|
|Immediate Follow Up Documents||Catalogs which have target mappings for create, edit and display actions on the respective documents. These also brings up the tiles for respective applications on the home screen of a solution order specialist.||SAP_S4CRM_BC_SERV_MGR_PC (Service – Manage Service Orders) for Service Orders|
|Other Follow Up Documents||Display catalogs for all the rest of the follow up documents. These enable navigation to the follow up document. Creating or editing is not possible.||SAP_SD_BC_BIL_DOC_REQ_DSP_PC (Sales – Billing Document Request Display) for Billing Document Request.|
Beside the processing catalog, solution order management also has a display catalog i.e. SAP_S4CRM_ BC_SOLN_ORD_DISP_PC (Solution – Solution Order Display) for consumption by other applications. This catalog provides the rights to navigate to and display a solution order and its progress.
The Solution Order Specialist role template has launchpad space template SAP_BR_SOLN_ORDER_SPCLST assigned to it. The page template SAP_S4CRM_PGT_SOLN_ORD_MANAGE_PC is assigned to this space template. Spaces and pages provide additional functionality to structure the tiles and layout of the home screen i.e. SAP Fiori launchpad. Spaces can be enabled or disabled by going to spaces section in the settings panel. Further information on spaces and pages can be found in this blog post.
Creating a role from solution order specialist role template
Following steps can be used to create a solution order specialist role from the role template SAP_BR_SOLN_ORDER_SPCLST (Note: These steps can be followed to create roles from other templates also):
- While logged in as Administrator, go to Manage Business Roles application under the Identity and Access Management section
- Select the Create from Template option from the footer
- In the Template field, enter the name of the role template i.e. SAP_BR_SOLN_ORDER_SPCLST. In the New Business Role ID field, enter the name you want to give to the role being created. You can also provide a description of your choice. Then click on OK
- Click on Save and the role gets created.
Note: By default, the created role does not have write access. Make sure to change the Write Access value to Unrestricted in order to be able to perform create and edit actions on a Solution Order.
The role created can then be assigned to a user using the Maintain Business Users application.
Roles can also be created scratch, by simply assigning business catalogs and not using any role template. Please refer to this link for more information.
I hope this blog post gives a clear picture about the kind of authorizations a solution order specialist is provided with. I would be happy to have your feedbacks/suggestions on how to improve this or future blog posts.
Identity and Access Management https://wiki.wdf.sap.corp/wiki/display/SimplSuite/Identity+and+Access+Management