Generic access to tables
Immediate authorization check - SU53
System Privileges (Database System) permissions: System Privileges are SQL permissions that control administrative actions throughout the database. Such actions include creating a (database) schema (CREATE SCHEMA), creating and modifying roles (ROLE ADMIN), creating and deleting a user (USER ADMIN), or running a database backup (BACKUP ADMIN).
In order to make a well-founded statement about the complexity and the associated effort, a fundamental system analysis is required in advance. The results obtained from this form an excellent basis for estimating the project scope and implementation timeframe.
The SAP authorization concept
This list in the AGR_1252 table contains both the organisational fields that are shipped in the standard and the fields that you have collected for organisational fields. Unfortunately, the list does not indicate what kind of organisation field it is. But you can find out: Open the PFCG_ORGFIELD_DELETE programme via transaction SA38. The Organisation Level Value Helper (Orgebene) provides a list of all customer-specific organisation fields, because only these can be converted back to normal Permissions Object Fields. Note the implications if you want to actually run this programme.
To create a authorization object, you must first select the result area and the form of the result invoice, whether calculating or accounting, for which you want to validate the authorization object. To do this, you must enter the name of the authorization object to be created and click the button (Next). You then set a text for the authorization object and select a maximum of ten permission fields for the object using the Fields button. Only a selection of the characteristics defined for the result area - and for the calculation of the result account also the value fields - is possible. You can now create different authorization objects for the key numbers and characteristics, or you can group the relevant fields into a authorization object. We advise you to define only one object with all relevant fields, as this will facilitate the maintenance of permissions. In our example, we created an accounting authorization object for the characteristics of the profit centre, distribution channel and work in the information system.
Authorizations can also be assigned via "Shortcut for SAP systems".
The website www.sap-corner.de offers many useful information about SAP basis.
Of course, this has implications if you want to upgrade a field to the organisation level.
So much information... how can you keep it so that you can find it again when you need it? That's what Scribble Papers is great for.
There are several ways to view the implementation of permission checks: Either you jump directly from the system trace for permissions to the appropriate locations in the programme code, or you go over the definition of the authorization objects.