SAP Authorizations Edit Old Stand - SAP Basis

Direkt zum Seiteninhalt
Edit Old Stand
Custom Permissions
If you do not maintain the values or set them to a value other than YES, the role menus of the reference user will not be taken into account when setting up the user menu. The two switches are system-wide; It is therefore not possible to define a specific shape for the client. If you set both switches to YES, you will not be able to tell from the user menu entries whether they are from the reference user's or user's role menus. Reference users have another benefit: You can also use it to inherit the contractual user type. A user inherits the classification of the reference user if they do not have any other role or profile mappings with classification, or if they have not been classified manually.

For the transport of PFCG roles with their profiles there is also an SAP notice: Note 1380203. If you enter the correction, it is possible to use separate positions for the third and fourth digits of the generated profile name for the definition. In the SAP standard, the name of a generated profile is composed as follows, for example, if the System ID is ADG: T-AG#####. If your other source systems differ only in the second place of the system ID, the profile name does not indicate from which system the profiles originate.
WHY ACCESS CONTROL
The SU25 transaction lists additional customisation options in addition to upgrade activities. Under the item Adjustment of the permission checks (optional) are the transactions SU24 for the maintenance of the value of the proposal, the transaction AUTH_SWITCH_OBJECTS for the global elimination of the authorization objects as well as the transaction SE97 for the maintenance of transaction startup permissions checks (see Tip 76, "Maintain transaction start permissions when calling CALL TRANSACTION"). In the Manual Adjustment section of selected roles, you can create roles from manually created profiles, generate SAP_NEW (see Tip 64, "Use SAP_NEW correctly"), or generate SAP_APP as roles. In the General maintenance for suggestion values section, the reports SU2X_CHECK_WDY_HEADER for the registration of header data for external services (see tip 38, "Use the SU22 and SU24 transactions correctly") and SU2X_CHECK_CONSISTENCY for the concession test (available via the in SAP Note 16466666446445) 692 named Support Package) of suggestion values for the selected authorization objects.

At www.sap-corner.de you will also find a lot of useful information on the subject of SAP authorizations.

Permissions must have both identical maintenance status (default, maintained, modified, manual) and an identical active status (active or inactive). Exceptions represent changed permissions and manual permissions; these are summarised when the active status is identical.

Secure your go-live additionally with "Shortcut for SAP systems". You can assign necessary SAP authorizations quickly and easily directly in the system.

Then, in the right part of the window, you will see all the applications logged.

To store all the information on the subject of SAP - and others - in a knowledge database, Scribble Papers is suitable.

To do this, click the Roles button (Use in Single Roles).
SAP BASIS
Zurück zum Seiteninhalt