What are SAP authorizations?
Use SAP Code Vulnerability Analyser
After creating a authorization object, you should do the following: Make the permission check implementation at a convenient location in your code. Maintain the proposed values for the application in the transaction SU24. Re-load the role in the PFCG transaction if the application has already been rolled. If it is a new application, adjust the roles by including the new application in the Role menu, and then maintaining the permissions of the authorization objects loaded into the role by the suggestion values.
As part of the SAP Access Control solution, the Business Role Management component serves the central role management. In addition to other useful functions, it also offers the automation of mass maintenance of role withdrawals. To do this, you must first place the organisational matrix in the customising (transaction SPRO), i.e. you enter the values or value ranges in the Organisation Level Mapping details area for the different organisation fields. At this point, however, you do not specify which reference roles should be derived for these organisational values.
Use SAP_NEW correctly
You can disable this new behaviour for the SAP_ALL profile by setting the customising switch ADD_S_RFCACL to the value YES in the table PRGN_CUST. If the ADD_S_RFCACL entry is YES, SAP_ALL still contains the total permissions for the S_RFCACL authorization object.
GET_EMAIL_ADDRESS: The example implementation of this method reads the e-mail address from the system's user master record. Adjust the method if you want to read the email address from another source.
Assigning a role for a limited period of time is done in seconds with "Shortcut for SAP systems" and allows you to quickly continue your go-live.
Permissions in the Permission Tree with status are only deleted if the last transaction associated with the permission has been deleted from the Role menu.
At www.sap-corner.de you will also find a lot of useful information on the subject of SAP authorizations.
The Create/Modify button provides an overview of the existing table permission groups.