SAP Authorizations Authorization roles (transaction PFCG) - SAP Basis

Direkt zum Seiteninhalt
Authorization roles (transaction PFCG)
Custom Permissions
If an authorization system grows too much over the years and there is no structured approach, the result is uncontrolled growth. If companies wait too long with the cleanup, a complete rebuild of the authorization structure or a new concept may make sense. This must be clarified quickly in the event of a cleanup.

You can set up a nightly background job to match the certificates with your customer's own programme. This requires that the certificates can be obtained through an SAP programme.
Query the Data from an HCM Personnel Root Record
The IF_IDENTITY interface of the CL_IDENTITY class provides various methods for maintaining the fields of the user master record. As a template for the implementation of the BAdIs, you can use the CL_EXM_IM_IDENTITY_SU01_CREATE implementation example, which automatically populates the SU01 transaction's surname, space number, phone, email address, user group, billing number, and cost centre fields. This example implementation does not provide an external data source; the user name is set as the last name and fixed values are used for the other fields. At this point, you must complete the implementation, depending on your requirements. There are several possible data sources for the user master data that you can access from the BAdI.

If you want to know more about SAP authorizations, visit the website www.sap-corner.de.

Describing all configuration options would exceed the scope of this tip. If you need explanations about a customising switch that are not listed here, look for the relevant note about the SSM_CID table. All settings described here can be made via the transaction SM30. You must consider that all settings in the SSM_CUST, SSM_COL, and PRGN_CUST tables are client-independent; only the settings of the USR_CUST table depend on the client.

Assigning a role for a limited period of time is done in seconds with "Shortcut for SAP systems" and allows you to quickly continue your go-live.

So if a unit is subdivided into further functional areas, all employees of the unit and the functional areas should have the same authorizations.

So much information... how can you keep it so that you can find it again when you need it? Scribble Papers is a "note box" that makes this very easy.

For each area, the connection to other modules is the first priority.
SAP BASIS
Zurück zum Seiteninhalt