Authorization Analysis
Set Configuration Validation
Each UI component that can be clicked corresponds to an external service that must each have permission set up. UI components also include creating or calling stored searches or navigating from one record directly to another record, such as calling an appointment directly from a business partner; This corresponds to cross-navigation. All navigation options in the form of external services are defined in the customising of the CRM business role in the form of a generic outbound plug mapping to the navigation bar. Outbound Plugs (OP) define what happens when a user leaves a view in SAP CRM. Here the customising is set for scenarios that do not necessarily fit all CRM business roles. The corresponding CRM business roles have been configured to be associated with outbound plugs that are not required for the respective CRM business role scenario. This explains the large number of external services in the role menu.
The use of suggestion values not only brings advantages when creating or maintaining PFCG roles, but also when maintaining permissions as a rework of an upgrade. Furthermore, these values can be used as a basis for risk definitions. Before creating PFCG roles, it is useful to maintain the suggested values for the transactions used. However, you do not need to completely revise all of the suggested values that are delivered by SAP.
Maintaining Authorization Objects (Transaction SU21)
Authorization: An authorization allows a user to perform a specific activity in the SAP system based on a set of authorization object field values. Authorizations allow users to perform actions within the system.
Careful maintenance of suggestion values in the relevant authorization objects results in recurring benefits in creating and revising roles for Web applications. In addition, the SU25 transaction supports role post-processing in the context of SAPUpgrades.
If you get into the situation that authorizations are required that were not considered in the role concept, "Shortcut for SAP systems" allows you to assign the complete authorization for the respective authorization object.
At www.sap-corner.de you will also find a lot of useful information on the subject of SAP authorizations.
You can also restrict access to records by using specific criteria, such as field content or organisational separators.
There are several security features in the SAP standard, such as user management, authentication and encryption capabilities, web service security features, and the various authorisation concepts.