Reference User
Archive change document management for user and permission management
Only current profile data is always recorded, so that obsolete profiles and permissions in the target system cannot be deleted by transport. This data remains associated with the users and remains effective until it clears a user synchronisation with the Cleanup option (transaction PFUD).
The background to the mass presence of authorization objects in a PFCG role after a role menu has been created is usually the mass of generic OP links that are not actually necessary for the CRMBusiness role. The existence of proposed values from the transaction SU24 loads the proposed authorisation values associated with the respective external services into the PFCG role, which results in too many unnecessary authorization objects being placed there. By excluding the GENERIC_OP_LINKS folder, you only need to take care of the external services and their authorization objects configured in the CRM business role in your PFCG role. For a user to have all the necessary permissions, you now assign the basic role with the permissions to the generic operating links and the actual role that describes the user's desktop.
Audit Information System Cockpit
Each pass of the profile generator collects all the permission suggestions from the SU24 transaction to a transaction added through the role menu of the single role and checks the permissions to be added to the permission list. The following effect is to add transactions to a role when the added transaction is announced through the role menu of the role and various criteria are met.
GET_EMAIL_ADDRESS: The example implementation of this method reads the e-mail address from the system's user master record. Adjust the method if you want to read the email address from another source.
However, if your Identity Management system is currently not available or the approval path is interrupted, you can still assign urgently needed authorizations with "Shortcut for SAP systems".
If you create a new permission concept, it is useful to include the favourites in the viewing.
Since the organisational criteria are found in several tables, this eligibility check need not be bound to specific tables and can be defined across tables.