Maintain generated profile names in complex system landscapes
Use AGS Security Services
Compiling and identifying external services in the role menu of CRM business roles is tricky. We show you how to bring order to external services. In SAP Customer Relationship Management (SAP CRM), the role concept is based not only on PFCG roles, but also on CRM business roles. These roles are created in customising and enable the presentation of CRM applications in the SAP CRM Web Client. In order for a user to work in SAP CRM, he needs both CRM business roles that define the user interface and the respective PFCG roles that entitle him to work in the applications. The CRMD_UI_ROLE_PREPARE report identifies and lists all external services defined in the customising of the CRM business role. These are displayed in the role menu of the PFCG role. You will notice, however, that the displayed services represent only a small part of the external services in the role menu.
In order to make a well-founded statement about the complexity and the associated effort, a fundamental system analysis is required in advance. The results obtained from this form an excellent basis for estimating the project scope and implementation timeframe.
Advantages of authorization concepts
Let's say that a user - we call her Claudia - should be able to edit the spool jobs of another user - in our example Dieter - in the transaction SP01. What do you need to do as an administrator? Each spool job has a Permission field; By default, this field is blank. If Claudia wants to see a Dieter spool job, the system will check if Claudia has a specific spool job permission with a value of DIETER. Claudia does not need additional permissions for its own spool jobs that are not protected with a special permission value.
You can set up a nightly background job to match the certificates with your customer's own programme. This requires that the certificates can be obtained through an SAP programme.
With "Shortcut for SAP systems" you can automate the assignment of roles after a go-live.
The dynamic configuration is used when settings need to be adjusted temporarily.
Over time, many authorization concepts have developed into opaque constructs.