Authorization concept - user administration process
General authorizations
As part of the use of a HANA database, you should protect both the execution of HANA database functions as well as the reading or altering access to the data stored in the database by appropriate permission techniques. Essential to the permission technique are database objects such as tables and views - which allow access to the stored data - as well as executable procedures and users. The specific HANA-specific permissions assigned to a user are referred to as privileges in the HANA context.
You have already created roles for SAP CRM and would like to add additional external services? Nothing easier than that! Create PFCG roles for the SAP CRM Web Client, typically so that you complete the customising of the CRM business role before creating the PFCG role, based on this customising. However, the customising of the CRM business role may be updated. The PFCG role must now also be adjusted, otherwise the newly configured area start pages or the logical links will not be visible. However, there is no automatism for this, as it exists during the initial creation of the role menu. You must apply the adjustment manually in the PFCG role.
Data ownership concept
Access to tables and reports should be restricted. A general grant of permissions, such as for the SE16 or SA38 transaction, is not recommended. Instead, parameter or report transactions can help. These transactions allow you to grant permissions only to specific tables or reports. You can maintain secondary authorization objects, such as S_TABU_NAM, in the Sample Value Care.
Different users in your SAP system will have different password rules, password changes, and login restrictions. The new security policy allows you to define these user-specific and client-specific. It happens again and again that there are special requirements for password rules, password changes and login restrictions for different users in your SAP system. There may be different reasons for this.
If you get into the situation that authorizations are required that were not considered in the role concept, "Shortcut for SAP systems" allows you to assign the complete authorization for the respective authorization object.
In the following we will show you how you can optimise the change document management of the user and permission management.
Position the cursor under My Favourites on the entry SAP Customising Intro Guide, and then click the Expand Structure button.