In CRM 7 we are trying to restrict users from seeing BP's they are not authorized. We currently only have three but are going to be bringing in allot more.
So far we have Employee BP's, Sold-To's and prospects. The only way we've been able to secure someone from displaying or editing a BP they are not supposed to have access to is to assign those BP's to an authorizaton group.
Is there some reason or error in SAP code that doesn't allow for either the B_BUPA_RLT - role type or CRM_BPROLE - role type to restrict someone from being able to see only those role types allowed?
I have end users that need to be able to display prospects and sold-to's but only edit sold-to's.
The support team should be able to see everything except employee bp's and another end user group only see's and edits prospects.
This is a very common and valid scenario, if you have to put every BP type into a authorization group for access to that brings up two questions.
What is the best way to automatically assign a bp of a certain type to a auth group (custom code)?
I guess that means that the B_BUPA_RLT and CRM_BPROLE are useless objects but the only ones being checked?
And please don't point me toward the old sap notes for the badi implementation, that didn't work on fulfilling the above requirement.
Regards,
Curtis