Any organisation today deals with a huge amount of data. Thousands, maybe millions, of records related to transactions, accounts, leads, prospects and many more variants are present in the database of every major organization. However, a large set of data also brings along a concern for its safety. Data security is one of the most sought-after features in this information era. Every business seeks to restrict the flow of its critical information inside the organization. It is difficult to sustain a business if the critical information of the organization flows unrestricted. For example, the HR department should not have access to the data from the IT department. Similarly, a member of the sales team should not be able to access the data meant for a sales manager. This is crucial because the sales manager should be able to view the performance of his entire team, sales reports and all the opportunities, which he can then assign to individual sales representatives, whereas a sales representative should only be able to view opportunities assigned to him.

All this can be achieved using authorization. When we look at the word ‘authorization’ in the SAP product library, the first thing that strikes us is ‘Business Role’. Business roles are a central part of any security strategy; they can act as a key to provide specific access. SAP has provided this functionality with C4C. Unlike in other SAP products, authorization in C4C is not restricted to the business role alone; it exists as a combination of many areas, such as business roles, page layouts, code list restrictions, field and action restrictions, and UI switches. Thus, in C4C many functionalities for access restrictions are associated with business roles.

At Gauri, one of our customers had a complex requirement. They had two field teams who were supposed to use the system on the go, and the requirement document stated that the two have different levels of access for the same standard business object.

The requirement was to use the same standard Accounts BO for ERP accounts as well as for a few other types of accounts. However, the system doesn’t allow the end user to create or modify accounts with the same role that an ERP account has. The requirement stated that the end user can only add a specific account type which is different from the account types imported from ERP. The same functionality was also to be implemented for the data that would come to C4C from ECC in the future. Here, the standard system configuration could not meet our expectations and we had to look for other alternatives. Since the access restrictions on business roles apply the same conditions to the complete BO (irrespective of its content), they were not enough to fulfil the requirement. Therefore, in order to achieve the customer’s requirement, we worked on completely bespoke elements using C4C – SDK (Software Development Kit). We enhanced the existing Accounts BO using the C4C – SDK tool to meet the precise requirements of the customer.

We can tell from our experience that most requirements can be fulfilled using the standard SAP C4C configuration. For the ones that cannot be, we can enhance the existing system using different available methods, such as the C4C – SDK tool, or by raising an incident so that SAP can provide a fix in the system upgrades released every quarter. C4C provides flexible configuration of user-level authorization in the system. The comprehensive system of SAP Cloud for Customer covers every single aspect of your organization related to business data and its security concerns.

If you would like any further information about what might be achieved through using the C4C Software Development Kit, please contact us – we are here to help.