Equal permissions
Maintenance Status
The next step is to maintain the permission values. Here, too, you can take advantage of the values of the permission trace. When you switch from the Role menu to the Permissions tab, you will generate startup permissions for all applications on the Role menu and display default permissions from the permissions suggestions. You can now add these suggested values to the trace data by clicking the button trace in the Button bar. First, select the authorization object that you want to maintain. There can be multiple permissions for each authorization object. Then load the trace data by clicking the Evaluate Trace button. A new window will open again, where you can set the evaluation criteria for the trace and limit the filter for applications either to applications in the menu or to all applications. Once the trace has been evaluated, you will be presented with all checked permission values for the selected authorization object. With the Apply button, you can now take the values line by line, column by column, or field by field.
It is essential to implement adequate authorization checks in every ABAP development. For this purpose, the so-called AUTHORITY-CHECK is used, which queries the required authorization object characteristics and thus only allows authorized users to execute the code.
Analyzing the quality of the authorization concept - Part 1
The topic-related audit structures are created based on area menus. On the one hand, SAP default audit structures are offered, and on the other hand, you have the possibility to create custom audit structures as area menus. The advantage of the audit structures as area menus is that you can use existing area menus or simply create new area menus. The SE43 transaction gives you an overview of the existing area menus; It is also used to maintain and transport area menus.
However, if a company does not have a concept for introducing new SAP authorizations and these are always coupled with new roles, the roles and authorizations will continue to grow. New modules, new processes and new user groups very quickly lead to many authorization groups, numerous authorization roles and complex documentation - even assuming the ideal case that companies have used Excel, for example, for all previous implementations and enhancements and have kept the documentation up to date. What is the purpose of a role? Which user has which authorization? Due to the amount of roles and authorizations, it quickly becomes confusing for users. System performance also suffers as the amount of data increases.
However, if your Identity Management system is currently not available or the approval path is interrupted, you can still assign urgently needed authorizations with "Shortcut for SAP systems".
Users working in SAP CRM use the SAP CRM Web Client to invoke CRM capabilities.
You can also find some useful tips from practice on the subject of SAP authorizations on the page www.sap-corner.de.
Many innovations make this work easier and make the whole process more transparent.