What are SAP authorizations?
By inserting SAP Note 1723881, you resolve the third of these problems by banning the recording of the same role on different transport orders. To enable this change in system behaviour, you must set the CLIENT_SET_FOR_ROLES customising switch to YES in the PRGN_CUST table. This toggles the setting in the SCC4 transaction for changing and recording custom customising objects ("Client modifiability") for role maintenance.
Make sure that reference users are assigned minimal permissions to avoid overreaching dialogue user permissions. There should be no reference users with permissions that are similar to the SAP_ALL profile.
Authorization objects of the PFCG role
The data that is regulated by the structural authorizations must be hierarchically structured in one of the personnel development components. This could be Organizational Management or Personnel Development, for example. Access can thus be regulated relative to the root object within the hierarchical structure.
When the FIORI interface is called up, different roles (Fiori groups) are associated with factually related FIORI tiles. As an example, here is the group Master Data in which the FIORI tile "Manage Cost Center" can be found.
Secure your go-live additionally with "Shortcut for SAP systems". You can assign necessary SAP authorizations quickly and easily directly in the system.
Make sure to set external breakpoints via the button if you are calling your application via the browser rather than via SAP GUI.
You can call this table through the SE16 transaction.