Creating Roles and Assigning Access Restrictions

In SAP Service Cloud Version 2, the concept is that each of your company's service employees is assigned to their specific business role. A business role functions like a job description. It is a predefined set of service tasks and operations within the system, along with the associated permissions and functional capabilities needed to carry them out. For example, the roles of service employee and service manager.

Before assigning your service employees to their roles in the system, you must define what your service business roles should be. You also need to create your employees in the system. Once both tasks are complete, you can assign business users to their respective roles. A business user is an employee's system login; it is the device the system uses to recognize employees and grant them the appropriate access levels and permissions to perform their jobs (roles).

More specifically, in SAP Service Cloud Version 2.

Video Summary

• A business role is a predefined set of permissions and access rights that determine a user’s capabilities and limitations within the system. It specifies the tasks and operations a user can perform, the data they can access, and their level of authorization. Business roles are assigned to users to ensure they have the appropriate access and permissions needed to carry out their designated tasks.
• The main elements of an employee are the Employee ID, a name, an address, and communication: Phone, Mail, Mobile; a language; a working time (their calendar and regular working hours); and a department in the company to which he/she belongs.
• With the business user, you can log in with your credentials to our system. The main elements of a business user are assigning an employee, assigning a business role, and a security policy (a set of guidelines, rules, and measures to ensure the security and integrity of SAP systems).

You create business roles to standardize system access by predefining access rights in a template that can be assigned to multiple business users performing similar tasks.

In SAP Service Cloud Version 2 the business role has three main elements:

• Business Service ID: A Business Service ID (BSID) is a unique identifier assigned to each business role in SAP Service Cloud Version 2. By assigning different services to a business role, you can control specific authorizations for an object. For example, if you assign the service ID sap.crm.service.caseService to a business role, that role allows you to create cases. Other important services include Registered Products, Installed Base, and Warranty.
• Access Rights: These rights define the specific permissions and privileges granted to a service assigned to a business role. They control the ability to create, modify, and view cases.

User assignment involves assigning individual users to specific business roles within SAP Service Cloud Version 2. Administrators or system owners are responsible for managing these user-to-role assignments.

Business Services

Business services are the primary configuration element of a business role. Here, the administrator chooses services to build a template for employee tasks. For example, to allow an employee to process cases, the Case business service must be assigned to their business role.

Examples of services that can be activated include: Case, Agent Desktop, Appointment, and others.

Note

The filter function includes advanced options to identify specific services.

Access Rights and Restrictions - Read and Write Access

The Administrator can grant and restrict access to most business services. Usually, this is done at the business role level, allowing you to set permissions once and then apply them to multiple users. The following is a list of access types.

• Read access: Unrestricted, Restricted with Restriction Rules
• Write Access: Unrestricted, Restricted with Restriction Rules
• No Access: (only available as a restriction for write access) The user lacks write permission.
• Unrestricted: The user can access all business data related to the view.
• Restriction Rule: Context-specific authorization. For example, an employee can access a customer only when they are assigned as the employee responsible for that company’s account team.

Note

• If you create a new business role with business services in the initial state of read and write access, then that access will always be unrestricted.
• Authorization for certain business services can be limited for specific views of that service.
• While the restriction rules for a business service are interconnected, in the business role, you can select which rule applies to specific services and not to others.
• Unrestricted access rights will override any restrictions that are defined.

• Lesson focused on business roles in SAP Service Cloud Version 2, their concept, importance, and operations.
• Employees must be created in the system and assigned relevant business roles before operations begin.
• Business roles are predefined with specific permissions and functionalities for assigned tasks.
• Differentiated between Employee, User ID, and Business Role, highlighting the role’s importance in system access standardization.
• Key elements include Business Service ID, Access Rights, and User Assignment, with details on their functionality.
• Covered assigning services to roles, restricting access rights, and adding services to business roles .