Using eCATT to maintain roles
Service User
Another option is to not assign the SAP_NEW permission to a user. For example, during the tests to be performed, both the development system and the quality assurance system will experience permission errors. These should then be evaluated accordingly and included in the appropriate eligibility roles for the correct handling of the transactions.
Do this once in your system. For example, you can jump from the MM50 transaction to the MM01 transaction without explicitly assigning transaction startup permission to the MM01 transaction through the S_TCODE authorization object. You can see this call in your System Trace for Permissions in the Additional Information column for testing. There you can see that the CALL TRANSACTION call has disabled the permission check. The user is allowed to jump into the transaction MM01, although in the role assigned to him Z_MATERIALSTAMMDATEN only permissions for the transactions MM03 and MM50 are recorded.
Standard authorisation
This function was not part of the standard delivery. With the support package named in SAP Note 1860162, the transaction SAIS_SEARCH_APPL is now delivered. This transaction allows you to verify that other applications have startup properties similar to those available in a particular application. For example, we searched for applications with similar functionality as the PPOME transaction provides.
An alternative to using the S_TABU_LIN authorization object is to create custom table views that make organisational delimitation easier to achieve. To do this, create a new view in the SE11 transaction and add the table to which the constraint will apply on the Tables/Join Conditions tab. The Selection Conditions tab allows you to specify your restrictive organisational condition in the form of a field and a field value. You then authorise all relevant users to access the view, which contains only data for your organisational restriction.
Authorizations can also be assigned via "Shortcut for SAP systems".
In the validation process, copy the RGGBR000 programme into your Customer Name Room, replacing the last three characters with the number of the client in which the validation will be performed.
As a result, you may, for example, assign an ERP Permissions Role an SCM permission profile.