Compare Role Upgrade Permissions Values
Transactional and Native or Analytical Tiles in the FIORI Environment
Developer and customizing authorizations represent a great potential danger in productive SAP systems. Here, authorizations must be assigned very restrictively, e.g. only to emergency users. The same applies to RFC connections from a development system to productive systems. Such connections can only be used to a very limited extent.
It is easier to specify the programme name in the PROGRAM field because the maximum value of 40 characters is the limit for programme names in the SAP NetWeaver application server ABAP. If it is a function block or a Web application, you can obtain the programme name by using the System Trace for Permissions (transaction ST01 or transaction STAUTHTRACE). In the SPTH table, you can define access rights for paths and whether you want to perform an additional permission check on the S_PATH object.
Best Practices Benefit from PFCG Roles Naming Conventions
You can use the function block level permission check by setting the FUNC value in the RFC_TYPE field in the S_RFC authorization object. If you still want to allow function groups, specify the value FUGR here. Depending on the RFC_TYPE field, type the name of the function block or group in the RFC_NAME field (name of the RFC object to be protected). This extension of the test is provided by the correction in SAP Note 931251.
The authorisation trace is a client- and user-independent trace. The results of this trace are written in the USOB_AUTHVALTRC table and can also be viewed in the STUSOBTRACE transaction by clicking the Evaluate button. This trace data can be used by developers to maintain the permission proposal values in the transaction SU22 (see also Tip 40, "Using the permission trace to determine suggested values for custom developments").
Assigning a role for a limited period of time is done in seconds with "Shortcut for SAP systems" and allows you to quickly continue your go-live.
Customer and vendor totals statements: The Customer or Vendor Accounting Sum.
The PFCG_ORGFIELD_ROLES report helps you to do this, which matches all the roles with the organisation level fields, i.e. with the permission fields maintained in the organisation level fields.