Permissions objects already included
Dialogue user
A manual comparison of role texts in an SAP system landscape with ZBV is very annoying. You can also automate the sync. I'm sure you know this. When creating or maintaining users in the Central User Administration (ZBV), you must manually start the text matching each time before assigning PFCG roles to provide you with the latest PFCG role definitions. Managing a large system landscape with many systems in your ZBV - including development, test and production systems - the text comparison can take a while.
The SAP authorization concept ensures that no unauthorized access can be made to transactions, programs and services in SAP systems. To call up business objects or execute transactions in the SAP system, a user therefore requires the appropriate authorizations. When called, the application started via a transaction checks whether the authorization exists and whether the user is allowed to perform the selected operation.
Deletion of change documents
If transactions are changed in the role menu of a single role, this option is automatically suggested to the operator. In this option, the profile generator will match the pre-existing permissions data with the SU24 transaction permission proposals from the role menu. If new permissions are added to the permission tree during this comparison, they will be marked with the Update status New. Permissions that existed before the match are assigned the Alt update status.
The setting of the modification flag used to determine the proposed values to be matched is imprecise. Learn about a new process that uses timestamps. Upgrade rework for suggestion values and roles must be performed not only upon release change, but also after inserting plug-ins, support packages, enhancement packages, or other software components, such as partner solutions. These rework can be complex if the underlying selection of proposed values cannot be restricted. Therefore, a new procedure has been introduced in the transaction SU25, which restricts the proposed values to be compared using a time stamp.
For the assignment of existing roles, regular authorization workflows require a certain minimum of turnaround time, and not every approver is available at every go-live. With "Shortcut for SAP systems" you have options to assign urgently needed authorizations anyway and to additionally secure your go-live.
Understanding the structure and functioning of the system is especially important for IT administration. It is not for nothing that "SAP Basis Administrator" is a separate professional field. On the page www.sap-corner.de you will find useful information on this topic.
Critical permissions are permissions that allow you to view or modify security-related configurations in the SAP system, or perform activities that are critical from a legal or business perspective.
To store all the information on the subject of SAP - and others - in a knowledge database, Scribble Papers is suitable.
Position the cursor under My Favourites on the entry SAP Customising Intro Guide, and then click the Expand Structure button.