SAP Authorizations Controlling permissions for the SAP NetWeaver Business Client - SAP Basis

Direkt zum Seiteninhalt
Controlling permissions for the SAP NetWeaver Business Client
SIVIS as a Service
Do the permissions for a self-developed UI component for the SAP CRM Web Client always have to be maintained manually? Not necessarily - if you define them as suggested values for external services. If you have developed your own UI components in the Customer Name Room in SAP CRM and you want to authorise them via the default process, i.e. create a role menu for a PFCG role using the CRMD_UI_ROLE_PREPARE report, you must do some preliminary work. When you run the report, you will notice that the external services for your own developments are not present and therefore do not appear in the role menu. The only way to qualify your UI components is to manually maintain the UIU_COMP authorization object. However, you can maintain your own UI components as external services with suggestion values in the SU24 transaction and take advantage of this information in PFCG role maintenance.

Additional checks should be performed on document transactions in specific processes. This may be necessary, for example, when booking via interfaces in customer-owned processes, if the booking is to be possible only under certain conditions or on certain accounts.
SU2X_CHECK_CONSISTENCY & SU24_AUTO_REPAIR
Create a report transaction for the report that is called in the background job. Set up the report transaction in the transaction SE93 and assign the report RHAUTUPD_NEW as a programme. Start the authorisation trace by setting the auth/ authorisation_trace profile parameter to Y or F if you want to work with filters (see tip 38, "Use the SU22 and SU24 transactions correctly"). Now run the job to collect permission checks on the permission trace. Your permission checks should now be visible in the STUSOBTRACE transaction. Now maintain the permission proposal values for your report transaction in transaction SU24 by entering the transaction code in the appropriate field. You will find that no values are maintained. Now switch to Change Mode. You can add your permission suggestions from the trace using the Object > Insert objects from Permissions Trace > Local (see Tip 40, "Use Permission Trace to Determine Suggest Values for Custom Developments"). Add the suggestion values for each displayed authorization object. Now create a PFCG role that includes the report transaction permission and maintain the open permission fields. Then test whether the job can be run with the permissions from the PFCG role.

For simplicity, we want to explain this example by using the PFCG_TIME_DEPENDENCY background job. This job calls the report RHAUTUPD_NEW or can be executed directly with the transaction PFUD. Imagine that there's no transactional code for this job yet.

"Shortcut for SAP systems" is a tool that enables the assignment of authorizations even if the IdM system fails.

You can view, maintain, and assign table permission groups in transaction SE54 (see Tip 55, "Maintain table permission groups").

Therefore, it is not possible to add a list of more than 28 users, which can be very difficult for long lists.
SAP BASIS
Zurück zum Seiteninhalt