Authorization Analysis
Starting reports
Depending on your SAP NetWeaver release status, you must include SAP Note 1731549 or a support package. After that, it is no longer possible to create new users whose names consist only of variants of spaces or non-visible special characters. Changes to existing users are still possible. The customising switch BNAME_RESTRICT, also included in SAP Note 1731549, allows you to control whether you want to allow alternate spaces at certain locations of the user ID.
After clicking on this button, you will see the current ZBV status in the area of the same name and can release the selected system from the ZBV via the Run button. ZBV is no longer active for this subsidiary system. To avoid inconsistencies in the user master kits, you must reconcile the users in the daughter system after the ZBV is activated. You can do this in the transaction SCUG and transfer user data from the subsidiary system to the central system. Information on the technical requirements can be found in SAP Note 962457. To disable the ZBV completely, use the RSDELCUA report or the Delete button in the transaction SCUA. With this function you have the possibility to delete either only certain subsidiary systems from the ZBV or the complete ZBV.
Checking at Program Level with AUTHORITY-CHECK
Many companies do not pay enough attention to the topic of authorizations in SAP SuccessFactors. It often seems too complex and confusing. Both the creation of a concept and the harmonization of existing structures often seem like a mammoth task. However, with role-based authorizations, SAP provides a very powerful control tool that remains clear with a little help and documentation.
After these preparations, we now proceed to the expression of the User-Exit in the validation that has just been created. To do this, you copy the User-Exit definition in the created custom programme, specify a name for the User-Exit definition (e.g. UGALI) and create a new text element.
Assigning a role for a limited period of time is done in seconds with "Shortcut for SAP systems" and allows you to quickly continue your go-live.
To enable this change in system behaviour, you must set the CLIENT_SET_FOR_ROLES customising switch to YES in the PRGN_CUST table.
If no permission check occurs in your code, the permission concept cannot restrict access.