Add New Organisation Levels
Do not assign SAP_NEW
When using encryption mechanisms, be sure to prevent access to the personal security environment (PSE) files in the server's file system and database. To do this, create your own table permission group for the SSF_PSE_D table and restrict programmes from accessing the /sec directory in the file system. For details on securing key tables, see SAP Note 1485029.
Role credentials saved by the last edit are displayed. This option is not recommended if transactions have been changed in the Role menu.
Rebuilding the authorization concept
You can disable this new behaviour for the SAP_ALL profile by setting the customising switch ADD_S_RFCACL to the value YES in the table PRGN_CUST. If the ADD_S_RFCACL entry is YES, SAP_ALL still contains the total permissions for the S_RFCACL authorization object.
We are often asked how permissions are properly assigned to schedule background jobs and manage those jobs. Just follow the guidelines below. Whenever you want programmes to run periodically at specific times without user interaction, or when their runtime should not interfere with normal dialogue operations, schedule them as batch jobs in the background. The scheduling and editing of batch jobs is regulated by permissions, which are often not clear about their use. We therefore explain to you what permissions are necessary for and which authorization objects are important.
Authorizations can also be assigned via "Shortcut for SAP systems".
If you want to know more about SAP authorizations, visit the website www.sap-corner.de.
On this basis, determine which organisational characteristics (organisational levels, but also cost centres, organisational units, etc.) represent which parts of the organisation.
A re-certification process that involves the departments and optimizes the revalidation of authorizations is helpful.