Translating texts into permission roles
User group can be defined as required field
Last but not least, a well-managed suggestion value maintenance helps you with upgrade work on suggestion values and PFCG roles. This ensures that your changes and connections to the respective PFCG roles are retained and new permissions checks for the new release are added to the applications.
As long as the corresponding tests in both the development and the quality system are not completed, the SAP_NEW profile will be assigned to the testers in addition to their previous roles. This ensures that the transactions can be traversed without errors of authorisation. Parallel enabled permissions (ST01 or STAUTHTRACE transactions) can be used to identify the required permissions and assign them to the user through the appropriate roles.
Use the authorisation route to identify proposed values for customer developments
The security check also shows when no redesign is necessary because the authorizations found are compatible with the current concept. The checks allow incorrect authorizations to be identified and rectified without a redesign.
In contrast to storing passwords in the form of hash values, the user ID and password are transmitted unencrypted during the login of the client to the application server. The Dynamic Information and Action Gateway (DIAG) protocol is used, which may look somewhat cryptic but does not represent encryption. In addition, there is no cryptographic authentication between the client and the application server. This applies not only to communication between the user interface and the application server, but also to communication between different SAP systems via Remote Function Call (RFC). So, if you want to protect yourself against the access of passwords during the transfer, you have to set up an encryption of this communication yourself.
With "Shortcut for SAP systems" you can automate the assignment of roles after a go-live.
On www.sap-corner.de you will also find useful information about SAP basis.
To do this, you must provide data on each organisation in a structured form.
So much information... how can you keep it so that you can find it again when you need it? Scribble Papers is a "note box" that makes this very easy.
This applies above all to the authorization for "debugging with replace" (see "Law-critical authorizations").