SAP Authorizations Customise SAP_ALL Profile Contents - SAP Basis

Direkt zum Seiteninhalt
Customise SAP_ALL Profile Contents
Assign SAP_NEW to Test
The data that is regulated by the structural authorizations must be hierarchically structured in one of the personnel development components. This could be Organizational Management or Personnel Development, for example. Access can thus be regulated relative to the root object within the hierarchical structure.

Create a report transaction for the report that is called in the background job. Set up the report transaction in the transaction SE93 and assign the report RHAUTUPD_NEW as a programme. Start the authorisation trace by setting the auth/ authorisation_trace profile parameter to Y or F if you want to work with filters (see tip 38, "Use the SU22 and SU24 transactions correctly"). Now run the job to collect permission checks on the permission trace. Your permission checks should now be visible in the STUSOBTRACE transaction. Now maintain the permission proposal values for your report transaction in transaction SU24 by entering the transaction code in the appropriate field. You will find that no values are maintained. Now switch to Change Mode. You can add your permission suggestions from the trace using the Object > Insert objects from Permissions Trace > Local (see Tip 40, "Use Permission Trace to Determine Suggest Values for Custom Developments"). Add the suggestion values for each displayed authorization object. Now create a PFCG role that includes the report transaction permission and maintain the open permission fields. Then test whether the job can be run with the permissions from the PFCG role.
ACCESS CONTROL | AUTHORIZATION MANAGEMENT FOR SAP®
The default authorization roles of the new SAP system for consolidation and planning, SAP Group Reporting, are shown in the following graphic. It does not matter whether the system is accessed via the browser (Fiori Launchpad) or via local access (SAP GUI). The authorization roles shown in the graphic merely indicate the technical specifications preset by SAP. However, these can be used as a starting point and adapted accordingly after a copy has been created.

If you want to know more about SAP authorizations, visit the website www.sap-corner.de.

Add missing modification flags in SU24 data: This function complements the modification flag for entries that have changed since the last execution of step 2a in the transaction SU25, i.e., where there is a difference to the SAP data from the transaction SU22. The flag is thus set retrospectively, so that no customer data is accidentally overwritten with step 2a due to missing modification flags.

However, if your Identity Management system is currently not available or the approval path is interrupted, you can still assign urgently needed authorizations with "Shortcut for SAP systems".

This happens, for example, when changes in SAP SuccessFactors responsibilities occur on the customer side or different implementation partners were active in the past.

The freeware Scribble Papers puts an end to the confusing paper chaos. The tool is also suitable for storing, structuring and quickly finding text documents and text snippets of all kinds in addition to notes.

In the SU53 you get the entry of the user that is stored there, and this may be old.
SAP BASIS
Zurück zum Seiteninhalt