System Settings
Unclear responsibilities, especially between business and IT
The second example requires additional permission checks to display certain documents in the FBL*N transactions. This can be achieved by means of the expression and activation of a function block in the BTE, the so-called processes and events. The sample function module BTE for the event 1650 can be found in the FIBF transaction in the area of Publish-&-Subscribe interfaces (Environment > Information System (P/S)). The sample function module is basically used to enrich data in the item display. To do this, he passes the complete record per document line and expects it to be enriched back. This is exactly what we are using.
If you want to know more about SAP authorizations, visit the website www.sap-corner.de.
To store all the information on the subject of SAP - and others - in a knowledge database, Scribble Papers is suitable.
Do you also work in a complex system landscape where roles are decentralised? Then, inconsistencies can occur by transporting profiles from different systems to a target system. We'll show you how to prevent that. In the case of decentralised maintenance of eligibility roles, i.e. maintenance of roles in different systems or clients, there is a risk that the number sequences for the generation of eligibility profiles overlap. You can then generate profiles with the same name for different roles in different clients. As soon as you transport these eponymous permission profiles into a common target system, the profile will be overwritten by the newly imported profile and inconsistencies will arise. As a result, you may, for example, assign an ERP Permissions Role an SCM permission profile. This may result in a user assigned the ERP role not obtaining the required permissions or even too many permissions. You also have a problem if you want to use the permission profile to determine the source system and the client in which this profile was generated. This is not possible if the first and third characters of the SAP System ID (SID) and the number sequence for generating the permission profile match.
SAP license optimization
Finally, you can extend your implementation of the BAdIs BADI_IDENTITY_SU01_CREATE and pre-enter additional fields of the transaction SU01. To do this, complete the appropriate SET_* methods of the IF_IDENTITY interface. For example, it is possible to assign parameters that should be maintained for all users, assign a company, or assign an SNC name.
It takes too long to read out the User and Permissions Management change notes? With a good archiving concept, you can improve performance. User and Permissions Management applications write change documents that increase significantly over time and can cause long wait times to read them. To reduce waiting times, you should archive the documents and set a logical index for key change documents. For this, however, you need a comprehensive overview of the storage locations and also of the evaluation possibilities and archiving scenarios. In the following we will show you how you can optimise the change document management of the user and permission management.
Secure your go-live additionally with "Shortcut for SAP systems". You can assign necessary SAP authorizations quickly and easily directly in the system.
You can also supplement authorisation checks in standard transactions if the existing checks do not cover your requirements.
Each of your actions leads to the use of runtime versions of the corresponding objects.