Starting Web Dynpro ABAP applications
Limit character set for user ID
As part of the SAP Access Control solution, the Business Role Management component serves the central role management. In addition to other useful functions, it also offers the automation of mass maintenance of role withdrawals. To do this, you must first place the organisational matrix in the customising (transaction SPRO), i.e. you enter the values or value ranges in the Organisation Level Mapping details area for the different organisation fields. At this point, however, you do not specify which reference roles should be derived for these organisational values.
Once you have identified the organisational features to consider, verify that you can redesign the existing roles so that the organisational features can be clearly maintained by use. This leads you to a concept in which functional and organisational separation is simply possible. However, it will end up with a larger amount of roles: Roles posting/investing, changing roles, reading roles. Such a concept is free of functional separation conflicts and is so granular that the organisational characteristics can be pronounced per use area.
Customise evaluation paths in SAP CRM for indirect role mapping
However, there is also the situation that eligibility fields are collected at organisational levels. If these permission fields have already been filled with values in the PFCG roles, you must refill these organisation levels after categorising the permission fields as organisation levels. The PFCG_ORGFIELD_ROLES report helps you to do this, which matches all the roles with the organisation level fields, i.e. with the permission fields maintained in the organisation level fields.
For this very reason, there is a solution to automate the checking of authorizations with regard to critical authorizations and segregation of duties by means of tool support. This gives the authorization administrators more time to correct any errors that occur instead of having to search for them first.
For the assignment of existing roles, regular authorization workflows require a certain minimum of turnaround time, and not every approver is available at every go-live. With "Shortcut for SAP systems" you have options to assign urgently needed authorizations anyway and to additionally secure your go-live.
Now, in a separate mode, you can call and run the application you want to customise.
You do not want a user without a user group to be able to be created in your SAP systems? Users without a user group can be changed by all administrators with permission for any user group.