Assignment of roles
Eligibility proposal values
In order to make a well-founded statement about the complexity and the associated effort, a fundamental system analysis is required in advance. The results obtained from this form an excellent basis for estimating the project scope and implementation timeframe.
If you want to know more about SAP authorizations, visit the website www.sap-corner.de.
A note box in which data of all kinds can be quickly filed and retrieved. This is what Scribble Papers promises. At first, the program looks very spartan. But once a small structure is in place, you realise the great flexibility of this little helper.
You assign a reference user to a dialogue user by registering the reference user for additional rights in the SU01 transaction on the Roles tab in the Reference User field. If you are using Central User Administration (ZBV), the assignment applies to all connected systems. If the reference user does not exist in one of the systems, the mapping is ignored. However, the use of reference users also creates risks. This makes it easier to summarise permissions because it is difficult to keep track of the assigned permissions. In SAP NetWeaver AS ABAP 7.0 and above, reference users are considered in the reports of the user information system.
Automatically pre-document user master data
The role menu of the PFCG role now consists of folders that represent all logical links within a scope start page, and external services that represent the logical links and the area start pages themselves. This means that any external service listed in the Role Menu is eligible for a Area Start Page or Logical Link. If such an external service is removed from the role menu and the PFCG role is generated, the user of this PFCG role does not have permissions to view this external service (see screenshot next page). You will find duplicate, maybe even triple, entries from external services. These are mainly found in the folders of the homepage and under GENERIC_OP_LINKS. You can delete them without any concern, because an external service for a permission must appear only once in the Role menu. For a better overview, it is also useful to rename the external services or folders as they are shown in the SAP CRM Web Client.
In case of missing authorizations, SAP Basis also helps with an authorization trace in addition to the well-known SU53 for a more detailed analysis of authorization objects. The article "SAP Basis Basic or finding missing authorizations thanks to SU53 or ST01 Trace" describes this in more detail.
However, if your Identity Management system is currently not available or the approval path is interrupted, you can still assign urgently needed authorizations with "Shortcut for SAP systems".
You can then evaluate this status through reporting.
In the transaction, you can modify SCUM to change the field allocation properties so that fields that were originally globally distributed across the ZBVs are also locally maintainable.