MENU

CX Works

CX Works brings the most relevant leading practices to you.
It is a single portal of curated, field-tested and SAP-verified expertise for SAP Customer Experience solutions

SAP CX Expert Recommendations
Service solutions
Access Control Management
Access Control Management - Basics of Access Control and Business Roles
+
 Go to my bookmarks
Navigation
Article Tags
Security Service solutions Sales solutions Expert Recommendations
Last Updated: Apr 30, 2021
Copy Article URL

Access Control Management - Basics of Access Control and Business Roles

4 min read

Overview

Access control management and business roles.

When you work with SAP Sales Cloud and SAP Service Cloud solution you want the ability to manage access control for all your users. 

This article will help you achieve that by giving you an overview of SAP Sales Cloud and SAP Service Cloud solution access control management features, with a focus on the basics and the business role concept.

Table of Contents

Basics of Access Control

User management, business roles, and access rights are maintained in the Administrator work center. Authorization access can be maintained individually for each business user or through business roles.

Access rights can be granted by global and/or local administrators. Business users can only be created for employees or service agents.

We highly recommend you use business roles for all access controls. Assigning access controls directly to employees is risky, more complex to maintain, and does not provide all the functionalities that are available for roles.

Access controls within SAP Sales Cloud and SAP Service Cloud solution has two levels:

  • Assignment of work center and work center views
  • Instance access restriction based on access context


This article, and all other articles linked to this topic, focus on second point – access restriction based on access context. It is very important to understand that access context is by business object. It's not changeable or extensible.

For example, if the access context for a particular object is an employee, then you cannot enhance the access context by adding additional criteria such as sales organization.

Business Roles

Business roles can be created for different access restrictions such as sales employees, administrator, manager, and others. Also, they can be maintained for business roles. For example, a business role for a sales manager, with an access restriction to their territory.

The business role is assigned to a business user. Multiple business roles can be assigned to one business user. The business role must have an active status. In our example, the business user will inherit the access control of both roles (Example: Role1: read; Role2: read&write –> Business User has read&write access)

Changes made to the business role trigger an update for all assigned users. You can have various access capabilities within a single role

Business roles are a central part of your security strategy and can be the key to all access. Many capabilities can be linked to business roles.


The graphic above shows the most common links associated to business roles. Of course, additional capabilities will follow by linking reports, code list restrictions, page layouts, work center assignments, and access and field restrictions to the business role which will allow the business role to become the key driver to all access permissions for your business users.

Conclusion

This article introduced you to the SAP Sales Cloud and SAP Service Cloud solution access control management features with a focus on its basics and business role concept.

The article below will guide you through the access control management feature by providing you with in-depth information on access restrictions with a focus on access context:

*Access Control Management - Access Restrictions and Access Context

To access all our community or out of the box product documentation, please check out our List of Online Resources.
Authentication required

Links to pages requiring login with SAP ID

Indicated by icon

You're going to be redirected to a page that requires login with SAP ID, do you want to proceed?

You are now leaving CX Works

Links to information published on other SAP sites

Indicated by icon

You are leaving CX Works and entering another SAP-hosted site.

Links to information published on non-SAP sites

Indicated by icon

You are entering a site that is not hosted by SAP. By using such links, you agree to the following:

  • The content of the linked-to site is not SAP documentation. You may not infer any product claims against SAP based on this information.
  • SAP does not agree or disagree with the content on the linked-to site, nor does SAP warrant the availability and correctness. SAP shall not be liable for any damages caused by the use of such content unless damages have been caused by SAP's gross negligence or willful misconduct.
Overlay