Best Practices Benefit from PFCG Roles Naming Conventions
Organisational allocation
In these cases, the total permissions from the RFC_SYSID, RFC_CLIENT, and RFC_USER fields will not be applied. However, you will always see a system message. These constraints cannot be changed by the settings of the customising switch ADD_S_RFCACL in the table PRGN_CUST.
For an authorization concept, a clear goal must be defined that is to be achieved with the help of the concept. This should list which regulatory requirements the respective system and the associated authorization concept must take into account. In this way, the legal framework is defined, which is a legal necessity for successful implementation.
What are the advantages of SAP authorizations?
If a user does not have a print permission for an output device (S_SPO_DEV privilege object), an instant print flag may be rescinded, which means that a spool job created during the job step would not print immediately. If archive parameters are passed when scheduling a step, a check is performed on the object S_WFAR_PRI. If the Step user does not have a matching permission, an error message is displayed.
A new transaction has been added to evaluate the system trace only for permission checks, which you can call STAUTHTRACE using the transaction and insert via the respective support package named in SAP Note 1603756. This is a short-term trace that can only be used as a permission trace on the current application server and clients. In the basic functions, it is identical to the system trace in transaction ST01; Unlike the system trace, however, only permission checks can be recorded and evaluated here.
During go-live, the assignment of necessary authorizations is particularly time-critical. The "Shortcut for SAP systems" application provides functions for this purpose, so that the go-live does not get bogged down because of missing authorizations.
Some useful tips about SAP basis can be found on www.sap-corner.de.
It is customary to keep the supporting documents between 12 and 18 months, as this corresponds to the retention periods for the revision.
To store all the information on the subject of SAP - and others - in a knowledge database, Scribble Papers is suitable.
To do this, create your own table permission group for the SSF_PSE_D table and restrict programmes from accessing the /sec directory in the file system.