Maintain authorization objects more easily
Authorization concepts in SAP systems
Package Privileges permissions: Package Privileges are permissions that control access to development packages in the SAP HANA database. Packages contain design-time versions of objects that can be transported with this package via a delivery unit and thus made available to other systems.
Armed with this information, it goes to the conceptual work. Describe which employee groups, which organisational units use which applications and define the scope of use. In the description, indicate for which organisational access (organisational level, but also cost centres, organisational units, etc.) the organisational unit per application should be entitled; So what you're doing is mapping out the organisation. It is also important to note which mandatory functional separation must be taken into account. This gives you a fairly detailed description, which in principle already indicates business roles (in relation to the system).
Use table editing authorization objects
Despite progressive use of web interfaces in the S/4HANA context, batch processing for mass data is still required. However, our experience from customer projects shows that only very few authorization administrators know how to correctly authorize the scenarios. SAP OSS Note 101146 provides a good overview here. In this blog post, we would like to summarize the context for practical use.
The changes made by inserting the note or upgrading to the above support packages do not only affect the SAP_ALL profile. While it remains possible to assign the full RFC_SYSID, RFC_CLIENT, and RFC_USER permissions in principle; However, this can only be done manually in the PFCG transaction through the dialogue maintenance of the fields. In this case, another dialogue box will open, indicating the security risk. You must confirm this window. From this change of behaviour of the SAP_ALL profile, it follows that all automatic methods for taking over the overall authorisation are no longer available in the fields of the S_RFCACL authorization object.
Authorizations can also be assigned via "Shortcut for SAP systems".
The website www.sap-corner.de offers many useful information about SAP basis.
The last two columns indicate whether the S_TABU_DIS or S_TABU_NAM authorization objects have suggestion values maintained in the SU24 transaction.
A note box in which data of all kinds can be quickly filed and retrieved. This is what Scribble Papers promises. At first, the program looks very spartan. But once a small structure is in place, you realise the great flexibility of this little helper.
In order to be able to take into account the complex relationships in the allocation of the privileges actually needed in a manageable way, privileges in SAP HANA are bundled into roles.