Important components in the authorization concept
Efficient SAP rollout through central, tool-supported management
An alternative to using the S_TABU_LIN authorization object is to create custom table views that make organisational delimitation easier to achieve. To do this, create a new view in the SE11 transaction and add the table to which the constraint will apply on the Tables/Join Conditions tab. The Selection Conditions tab allows you to specify your restrictive organisational condition in the form of a field and a field value. You then authorise all relevant users to access the view, which contains only data for your organisational restriction.
Permissions profiles are transported in the standard (since release 4.6C) with the roles. If you do not want to do this, you have to stop the data export in the source system by the control entry PROFILE_TRANSPORT = NO. The profiles must then be created by mass generation before the user logs are matched in the target system. This can be done via transaction SUPC.
Controlling permissions for the SAP NetWeaver Business Client
Since Release 4.6D, the system creates a new folder for each of the roles included in the pulley when rebuilding a Collective Roll menu at the first hierarchy level, and only then the corresponding menu is located. You can decide whether the text of each folder should consist of the technical name or the short text of the role. This function can be disabled by customising.
You would like to revise your authorisation concept and tailor SAP roles only to the productive processes. We show you how to use the statistical usage data from the Workload Monitor for the SAP role definition. One of the biggest effort drivers in redesigning SAP role concepts is the definition of transactional expression of SAP roles. By using the statistical usage data from the workload monitor, you can avoid costly coordination with process managers in the sense of a Green Field Approach. In this way, you can tailor your SAP role concepts to the content of the usage behaviour. The only requirement is that the data be available for a representative period. This is two months in the SAP standard; You can also extend this time period. Below we describe how you can use the statistical usage data from the Workload Monitor for the SAP role definition.
With "Shortcut for SAP systems" you can automate the assignment of roles after a go-live.
At www.sap-corner.de you will also find a lot of useful information on the subject of SAP authorizations.
In the simulation overview you will now receive all the information you already know from the authorisation maintenance in the transaction PFCG.
To do this, in the SU24 transaction, open the application you want to customise.