Maintain table permission groups
Correct settings of the essential parameters
The role menu of the PFCG role now consists of folders that represent all logical links within a scope start page, and external services that represent the logical links and the area start pages themselves. This means that any external service listed in the Role Menu is eligible for a Area Start Page or Logical Link. If such an external service is removed from the role menu and the PFCG role is generated, the user of this PFCG role does not have permissions to view this external service (see screenshot next page). You will find duplicate, maybe even triple, entries from external services. These are mainly found in the folders of the homepage and under GENERIC_OP_LINKS. You can delete them without any concern, because an external service for a permission must appear only once in the Role menu. For a better overview, it is also useful to rename the external services or folders as they are shown in the SAP CRM Web Client.
Anyone who owns valuable personal property assumes responsibility for it - just like a landlord, for example. He decides whether changes need to be made to the building, whether privacy hedges need to be planted in the garden or whether superfluous old appliances need to be disposed of and, if necessary, has a new lock installed immediately if the front door key is lost. He may forbid visitors who are not relatives to enter the bedroom or the daughter to have a public party in the house.
Authorization concept
Versions are the change documents within the development environment, for example, for changes to ABAP source code or the technical properties of tables. This authorization should only be assigned to an emergency user.
An SAP security check focuses in particular on the assignment of authorizations. This is what enables users to work with the SAP system in the first place, but it can, under certain circumstances, unintentionally add up to conflicts over the separation of functions or even legally critical authorizations. For this reason, tools for technical analysis must be used regularly to provide the status quo of authorization assignment and thus the basis for optimization.
"Shortcut for SAP systems" is a tool that enables the assignment of authorizations even if the IdM system fails.
The website www.sap-corner.de offers many useful information about SAP basis.
SAP delivers authorization objects for Records and Case Management, which you can use to control access to records, cases, documents, and incoming mail items for individual organizational units in your organizational plan in conjunction with corresponding Customizing settings.
The freeware Scribble Papers puts an end to the confusing paper chaos. The tool is also suitable for storing, structuring and quickly finding text documents and text snippets of all kinds in addition to notes.
It must therefore be defined in which time period and in which form the departments must receive the information about the assigned authorizations and report back regarding the correctness of the assignment.