Authorization in SAP hybris MarketingInSAP hybris Marketing, the user authorization is based on the following checks: The start authorization determines whether a user is allowed to start a workset, subworkset, or application. The instance authorization determines which account data a user can access once the user has started a workset. For example, when a user is allowed to startRelationship Analysis, the instance authorization determines the account data the user can include in the analysis.NoteUsers additionally require a marketing area based authorization to access specific instances of a business object, such as a specific campaign. For more information, seeMarketing Areas in SAP hybris Marketing.For both the start authorization and the instance authorization, define business roles that you can assign to users. For more information about the general maintenance of business roles, seeRole Maintenance in PFCGathttp://help.sap.comSAP NetWeaverSAP NetWeaver PlatformSAP NetWeaver 7.0 including Enhancement Package 3Application HelpFunction-Oriented ViewApplication Platform by Key CapabilityABAP TechnologyUI Technologies in ABAPSAP NetWeaver Business Client.Business RolesWithSAP hybris Marketing, default business roles are provided. For more information, seeRoles in SAP hybris Marketing.Start AuthorizationThe start authorization forSAP hybris Marketingis defined in theRole Maintenance(transactionPFCG). When setting up the start authorization for a custom business role, perform the following main tasks: Define the application hierarchy.You can use the full hierarchy provided with the default business role and eliminate the parts you do not require for the current custom role.Refer to theOverview of Launchpads(transactionLPD_CUST) for more information about the available application links provided for theCustomer Analytics Shell(roleHPA, instanceCUAN). Specify the authorization default values for the Open Data (OData) services.UseMaintain the Authorization Default Values(transactionSU22) to view the authorization default values that are provided forSAP hybris Marketing. Note that the authorization objects you assign and specify here, are automatically added to any business role including the respective OData service.Instance AuthorizationThe instance authorization inSAP hybris Marketingis based on the legal entity and refers to the organizational data of the legal entity. For the organizational authorization criteria, the following authorization objects allow for read and write access: Authorization Check on CRM Organization Data(CRA_CRMORG) Authorization Check on ERP Organization Data(CRA_ERPORG) Authorization for CRM Marketing Organization(CRA_MKTORG) Authorization for Company Codes(CRA_BUK) Authorization for Country(CRA_COUNTR) Authorization for Customer Group(CRA_KDGRP) Authorization for Marketing Authorization Group(CRA_MKTGRP) Authorization for File Access(S_DATASET), relevant for the CSV export of campaign data. For more information, see theContent Areasection ofCampaign Details. Authorization for Objects assigned to Marketing Area(HPA_MKT_AR). The authorization object is used in the context of granting instance authorization by marketing area. For more information, seeMarketing Areas in SAP hybris Marketing.