Introduction:
In today's competitive business environment, streamlining sales operations is vital for maintaining a competitive edge. SAP introduced a useful enhancement: Role-Based Access to Pricing Elements. This solution empowers organizations to optimize sales order efficiency and restriction flexibility.
Key Features and Benefits of the new innovative tool:
Through means of Role-Based Access, the tool provides precise control over price and cost details in sales orders, safeguarding sensitive pricing and costing information from unauthorized access.
Once the feature has been setup it will result in a greater efficiency, flexibility and overview in controlling the visibility of margins, price and cost elements in sales documents.
Configuration Instructions:
Step 1: Define access levels for price elements
Here you will define the access level according to importance of the price elements/ subtotal line (information security sensitivity). The price elements can be header or line.
Go to the CENTRAL BUSINESS CONFIGURATION (CBC) screen, In the tab CONFIGURATION ACTIVITIES click on the DEFINE ACCESS LEVELS FOR PRICE ELEMENTS link, this will take you to the configuration screen (figure 1.1). As you can see there is also the option to open documentation with more context on how to set up the given configuration.
Figure 1.1: CBC: Configuration activities
Once in the configuration screen, you can see in figure 1.2 the button NEW ENTRIES, click it, and you will be able to add/define your desired access levels.
Figure 1.2 Define access levels to price element
There are 3 types of access levels:
-No access: Hidden (no write or read)
-Display access: Only edit block (also for manual price conditions)
-Change access: No blocks (Create + delete)
The higher the sensitivity, the higher you define the number of the access level. Here's e.g. of price elements according to their sensitivity (keep in mind that this varies between companies as each company has a different structure and thus different roles they can align with these access levels) :
-Low sensitivity: Retail price, discounts, and surcharges for example: 1000
-High sensitivity: Internal price and profit margin for example: 3000
Step 2: Assigning access levels to a pricing procedure
Here you assign the access level to a condition type or subtotal line within the pricing procedure. This step is important as the system will not be able to automatically assign access levels to price elements if only the restrictions are setup.
In the CBC, go to SET PRICING PROCEDURES. As you can see in figure 1.3 there’s again the option to open documentation with more context on how to set up the given configuration.
Figure 1.3 Set pricing procedures
Next you select the
pricing procedure you want to assign the
access level, e.g. figure 1.4.
Figure 1.4: Select relevant pricing procedure
Now assign the required access levels to the target condition types and/or subtotal lines in the desired pricing procedure as you can see on figure 1.5
Figure 1.5: Assign access levels to condition types/subtotals lines.
Step 3: Define the authorizations for different users
Here you will define the restriction for the access (business users access to selected price elements). The field restriction types include:
- Application (V)
- SAP Object scope (Sales order)
- Access Level for Price Element (Read, write, delete and create)
The system can retrieve the valid access a user has based on the access levels and the Roles with catalog SAP_SD_BC_SO_PROC_MC for sales order processing assigned.
Go to the MAINTAIN BUSINESS ROLES app as shown on figure 1.6.
Figure 1.6: MAINTAIN BUSINESS ROLES app
Secondly you will go to the RESTRICTED_BR_INTERNAL_SALES_REP role were you will assign the access levels.
Figure 1.7: Display Restriction
On the display restriction screen we can see the access levels assigned to the price elements, it’s possible to assign multiple access levels (This will be the case for the read access of the Internal sale rep and of the sales manager).
Logistic expert role configuration
Figure 1.8: Assignment Access Levels for logistic expert (read access)
The write access has no access levels assigned.
Internal sales representative role configuration
Figure 1.9: Assignment Access Levels for Internal sales representative (read access)
The write access has no access levels assigned.
Sales manager role configuration
Figure 2.0: Assignment Access Levels for Sales manager (read access)
Figure 2.1: Assignment Access Levels for Sales manager (write access)
It's important to note that it’s only possible to reduce the access of a price element and not enhance the access. When using CDS views, BAPI’s, OData or SOAP API’s for data retrieval the authorizations defined through the
Configuring of Role-Based Access will not be applied.
Step 4: create a sales order and look at the setup restrictions
As you can see in figure 2.2, this is the sales order created by the e.g.
sales manager. They can adjust the retail price and customer discount, see the internal price and profit margin.
Figure 2.2: Display Sales manager
The second one, the
internal sales representative is able to see the retail price and customer discount as we see in figure 2.3, however he/she will not able to adjust it. He/she will also see the Internal price and profit margin.
Figure 2.3: Display internal sales representative
Finally we have the logistic expert. He/she will be able to see the Retail Price and Costumer discount but won’t be able to adjust these price elements. The internal price and profit margin have been restricted from the users interface. As said before what the employee in the specific role will be able to see depends on the configuration based on requirements/security specification imposed by the given company.
Figure 2.4: Display logistic expert
Note that you do not need to change the access levels in the pricing procedure each time, thanks to the access levels and their definition/assignment in the business role. The creation of separate business roles is mandatory. As each user will need to be assigned to a different role with different access levels on the read and write level.
Conclusion:
This flexible solution empowers organizations to streamline sales order management by optimizing sales order efficiency and restriction flexibility. Role-based access can be set up for different apps, such as Manage Sales Orders, Create Sales Orders, Change Sales Orders, Display Sales Orders, and Manage Sales Documents with Customer-Expected Price.
Attribution and more helpful information:
Sales in SAP S/4HANA Cloud, Public Edition 2302 | SAP Blogs
Role-Based Access to Price Elements | SAP Help Portal
Setting Up Role-Based Access to Price Elements | SAP Help Portal
Example for Setting Up Role-Based Access | SAP Help Portal
Maintain Business Roles | SAP Help Portal