Hello forum,
Maybe there is another way to limit the display potion for message operation inside solution manager ITSM, but as i don't have a lot of experience with SAP CRM, i found that another enhacement with the help of a crm expert collage that can be interesting for someone
Function key for manage that goal: CRM_ORDER_CHECK_AUTHORITY_GEN
That Solution Manager Function manager all authorization that affect to all operation transaction types inside solution manager and crm.
Goal:
The goal of that enhancement is to filter ITSM message without authorization in that way:
The result that we will get trough that enhancement:
BADI:
Trough transaction SE19 we have to make a new implementation of that Classic BADI: CRM_ORDER_AUTH_CHECK and create a Z/Y new one’s
We have to select “Interface tab” and inside method CRM_RCW_SET_MAX_ITS, we can add our code:
After that we have to activate the BADI again, and inside method CRM_RCW_CALL_AUTHORITY we add the filtering code option.
method IF_EX_CRM_ORDER_AUTH_CHECK~CRM_RFW_CALL_AUTHORITY.
DATA: wa_guid LIKE LINE OF ct_guid_list,
ct_guid_aux LIKE ct_guid_list,
aux_indice TYPE sytabix,
aux_ctd TYPE sytabix.
LOOP AT ct_guid_list INTO wa_guid.
aux_indice = sy-tabix.
CALL FUNCTION 'CRM_ORDER_CHECK_AUTHORITY_GEN'
EXPORTING
iv_mode = 'C' “Display
iv_guid = wa_guid-guid
EXCEPTIONS
no_authority = 1
not_found = 2
parameter_error = 3
reference_update_active = 4
OTHERS = 5.
IF sy-subrc = 0.
append wa_guid-guid to ct_guid_aux.
ENDIF.
ENDLOOP.
ct_guid_list[] = ct_guid_aux[]. "that is the key
endmethod.
Follow-up steps to filter search result by organization inside ITSM.
1.- Create an implementation of BADI CRM_ORDER_AUTH_CHECK
2.- Add your customer code to CRM_RFW_CALL_AUTHORITY
[IMPORTANT]
Remembar that: sap_all users will not be able to use that enhancement and you have to add some code additions if you need to allow some organization users to allow them to see incident/message for other users.
Authorization objects relevant for that enhancement:
CRM_ORD_OP - for documents
CRM_ORD_LP - object for organization model
Addition, how you can check if the user have authorization inside their organization:
call function 'CRM_ORDER_CHECK_AUT_CRM_ORD_LP'
exporting
is_auth_check_org_level = ls_auth_check_org_level
iv_user = iv_user
iv_guid = iv_guid
exceptions
no_authority = 1
others = 2.
call function 'CRM_ORDER_CHECK_AUT_CRM_ORD_OP'
exporting
is_auth_check_own_process = ls_auth_check_own_process
iv_user = iv_user
exceptions
no_authority = 1
not_relevant = 2
others = 3.
Source code for BADI CRM_ORDER_AUTH_CHECK:
METHOD if_ex_crm_order_auth_check~crm_rfw_call_authority.
*user proffile sap_all validation
Data: it_return type table of BAPIRET2,
it_LOGONDATA type BAPILOGOND,
it_DEFAULTS type BAPIDEFAUL,
it_ADDRESS type BAPIADDR3,
it_COMPANY type BAPIUSCOMP,
it_SNC type BAPISNCU,
it_REF_USER type BAPIREFUS,
it_ALIAS type BAPIALIAS,
it_UCLASS type BAPIUCLASS,
it_LASTMODIFIED type BAPIMODDAT,
it_ISLOCKED type BAPISLOCKD,
it_BAPIAGR type table of BAPIAGR,
it_BAPIPROF type table of BAPIPROF,
wa_BAPIPROF type BAPIPROF.
CALL FUNCTION 'BAPI_USER_GET_DETAIL'
EXPORTING
USERNAME = sy-uname
IMPORTING
LOGONDATA = it_logondata
DEFAULTS = it_defaults
ADDRESS = it_address
COMPANY = it_company
SNC = it_snc
REF_USER = it_ref_user
ALIAS = it_alias
UCLASS = it_uclass
LASTMODIFIED = it_lastmodified
ISLOCKED = it_islocked
TABLES
* PARAMETER =
PROFILES =it_BAPIPROF
ACTIVITYGROUPS = it_BAPIAGR
RETURN = it_return.
Read table it_BAPIPROF into wa_BAPIPROF with key BAPIPROF = 'SAP_ALL'.
if sy-subrc = '0'. EXIT. endif.
DATA: wa_guid LIKE LINE OF ct_guid_list,
ct_guid_aux LIKE ct_guid_list,
aux_indice TYPE sytabix,
aux_ctd TYPE sytabix.
LOOP AT ct_guid_list INTO wa_guid.
aux_indice = sy-tabix.
*check if user is inside operation business partner relation
DATA: lt_header_guid TYPE crmt_object_guid_tab,
lt_partner TYPE crmt_partner_external_wrkt,
ls_partner TYPE crmt_partner_external_wrk,
lt_req_objects TYPE crmt_object_name_tab,
ld_header TYPE crmd_orderadm_h,
lt_but0ID TYPE but0ID,
v_partner_C TYPE CHAR30,
v_partner1 TYPE BU_PARTNER,
lt_userp TYPE BU_BPEXT.
clear: v_partner1, lt_userp.
SELECT single PARTNER INTO lt_userp FROM BUT0ID WHERE IDNUMBER = sy-uname.
check sy-subrc = '0'.
SELECT single partner1 from but050 into v_partner1 where partner2 EQ lt_userp and reltyp eq 'BUR001'.
v_partner_C = 'PARTNER'.
IF lt_req_objects[] IS INITIAL.
INSERT v_partner_C INTO TABLE lt_req_objects.
ENDIF.
.
CALL FUNCTION 'CRM_ORDER_READ'
EXPORTING
it_header_guid = lt_header_guid
it_requested_objects = lt_req_objects
iv_no_auth_check = 'X'
IMPORTING
et_partner = lt_partner
EXCEPTIONS
document_not_found
error_occurred
document_locked
no_change_authority
no_display_authority
no_change_allowed.
if sy-subrc = 0.
*check if the user is a BP
read table lt_partner into ls_partner with key REF_PARTNER_NO = v_partner1
ref_partner_fct = '00000001'.
* check if the user is the message processor
IF sy-subrc <> 0.
read table lt_partner into ls_partner with key REF_PARTNER_NO = LT_USERP
ref_partner_fct = 'SLFN0004'.
ENDIF.
IF sy-subrc = 0.
* save to a external table
APPEND wa_guid TO ct_guid_aux.
aux_ctd = aux_ctd + 1.
ENDIF.
endif.
*
ENDLOOP.
* return analyzed guids:
ct_guid_list[] = ct_guid_aux[].
ENDMETHOD.
Remember that fot that you have to get mapped the sap saolution manager user with a valid BP inside "Identification" tab on BP transaction.
Hope that,can help you, if anyone have another way to get that goal without customer code, please share it 😉