Set up permissions to access specific CO-PA measures
Note the effect of user types on password rules
Single sign-on (SSO): This solution is useful if you have not yet used SSO for your SAPS systems or if not all SAP systems are integrated into the SSO solution. In such cases, you must implement the Web application in a system that supports SSO logins, such as Central User Management (ZBV), SAP Identity Management (ID Management), or Active Directory (AD).
This list in the AGR_1252 table contains both the organisational fields that are shipped in the standard and the fields that you have collected for organisational fields. Unfortunately, the list does not indicate what kind of organisation field it is. But you can find out: Open the PFCG_ORGFIELD_DELETE programme via transaction SA38. The Organisation Level Value Helper (Orgebene) provides a list of all customer-specific organisation fields, because only these can be converted back to normal Permissions Object Fields. Note the implications if you want to actually run this programme.
Customizing
The setting of the modification flag used to determine the proposed values to be matched is imprecise. Learn about a new process that uses timestamps. Upgrade rework for suggestion values and roles must be performed not only upon release change, but also after inserting plug-ins, support packages, enhancement packages, or other software components, such as partner solutions. These rework can be complex if the underlying selection of proposed values cannot be restricted. Therefore, a new procedure has been introduced in the transaction SU25, which restricts the proposed values to be compared using a time stamp.
Compiling and identifying external services in the role menu of CRM business roles is tricky. We show you how to bring order to external services. In SAP Customer Relationship Management (SAP CRM), the role concept is based not only on PFCG roles, but also on CRM business roles. These roles are created in customising and enable the presentation of CRM applications in the SAP CRM Web Client. In order for a user to work in SAP CRM, he needs both CRM business roles that define the user interface and the respective PFCG roles that entitle him to work in the applications. The CRMD_UI_ROLE_PREPARE report identifies and lists all external services defined in the customising of the CRM business role. These are displayed in the role menu of the PFCG role. You will notice, however, that the displayed services represent only a small part of the external services in the role menu.
The possibility of assigning authorizations during the go-live can be additionally secured by using "Shortcut for SAP systems".
On www.sap-corner.de you will also find useful information about SAP basis.
Since many standard tables do not have a table permission group assigned to them and therefore automatically end up in the table permission group &NC&, you should restrict access to this table permission group.
The freeware Scribble Papers puts an end to the confusing paper chaos. The tool is also suitable for storing, structuring and quickly finding text documents and text snippets of all kinds in addition to notes.
For example, this way you can also change the name of a table permission group.