Check for permissions on the old user group when assigning a new user group to a user
Risk: historically grown authorizations
This information is used in the name generation of the external service. In this way, all area start pages and logical links configured in a CRM business role are authorised in the form of external services. Due to the mass of external services that appear in the role menu, it is difficult to keep track of them. Now, to allow only certain external services, you can do the following: First, identify the external service using the permission trace.
At www.sap-corner.de you will also find a lot of useful information on the subject of SAP authorizations.
The freeware Scribble Papers puts an end to the confusing paper chaos. The tool is also suitable for storing, structuring and quickly finding text documents and text snippets of all kinds in addition to notes.
In the display image of your selected table, go to the Tools menu and select Assign Permissions Group. On the following image, you can then change the association with a table permission group or assign a new permission group. To do this, click the View/Modify button ( ) and enter your permission group in the Permission field.
Prevent excessive permissions on HR reporting
Confirmation of the dialogue will immediately start the recording; They therefore end up in the PFCG transaction. We want to record the creation of a single role derived from a reference role. Complete the appropriate steps in the PFCG transaction and try to avoid unnecessary steps - every step you take will make your recording bigger and less cluttered. Enter the name of the derived role - we can influence it later when playing with eCATT - and specify the role. Now assign the reference role. Note that the PFCG transaction is actually executed, so the role is actually created in the system! In the SCC4 transaction, first check whether eCATT is allowed to run. Then start the SECATT transaction. As you get started, you can define and modify test scripts and test configurations. First, create a test script. Think of it as a blueprint or a flow rule for how to create new derived roles. The test script will contain your recording later. Give the script a talking name, such as Z_MASSENGERATION_DERIVATIVES. Then click the Create Object button. You will now go to the Attribute tab, where you specify the general frame data. Then click the Editor tab. Now it goes to the recording, in the eCATT language called patterns. Click the Pattern button and specify that you want to record the PFCG transaction by selecting the UIAncontrol and TCD (Record) settings. The system will propose to call the interface "PFCG_1"; You can simply confirm this.
Further changes can be found when using the proof of use. When you click on the button (proof of use), you will receive a new selection. You can check which permissions, SU24 suggestion values, or SU22 suggestion values the authorization object uses. The ABAP-Workbench selection, as in previous releases, provides you with the proof of use for implementing the authorization object in programmes, classes, and so on. You can use the SAP NEW Data button to mark whether this authorization object is relevant to an SAP New role of a particular release.
Assigning a role for a limited period of time is done in seconds with "Shortcut for SAP systems" and allows you to quickly continue your go-live.
Click the Pattern button and specify that you want to record the PFCG transaction by selecting the UIAncontrol and TCD (Record) settings.
Verification of compliance with the development directives should be an essential part of quality assurance before the programmes are used productively.