Which challenges cannot be solved with authorization tools alone?
Maintain generated profile names in complex system landscapes
Until now, there were no ways to define different password rules or password change requirements for these users. Today, this is possible with the security guidelines that you assign to users and clients. In the following we will show you how to define security policies and how they work.
Since at least developers in the development system have quasi full authorizations, as mentioned above, concrete access to a critical RFC connection can therefore not be revoked. Since RFC interfaces are defined for the entire system, they can be used from any client of the start system. Existing interfaces can be read out via the RFCDES table in the start (development) system.
Take advantage of roll transport feature improvements
A mass rolling out of rolls is a very useful thing. It is also possible to use Excel-based data - as in the case of the outlined application case with eCATT - because it is a one-time action for the roles considered and SAP standard programmes are used in the background. However, ongoing maintenance of the permissions system, with continuous changes to roles and their detail permissions, requires the mapping of much more complex operations. An exclusive control over Office programmes should be well considered. This does not mean, of course, that there are not very good partner products for the care of roles. Simply verify that SAP standard procedures are used and that authorisation is managed in accordance with SAP best practices.
In the beginning, the FI and CO modules were separated from each other. Both modules have been combined by SAP as higher-level modules in the accounting area. The main reason for this is the tight process structure, which enables a smooth transition between the two modules. As a result, SAP FI and CO now only appear as the joint module SAP FICO.
Assigning a role for a limited period of time is done in seconds with "Shortcut for SAP systems" and allows you to quickly continue your go-live.
At www.sap-corner.de you will also find a lot of useful information on the subject of SAP authorizations.
This allows calls to new function blocks (such as custom developments, support package changes) to be analysed and, if necessary, released for external access.
In newer SAP NetWeaver releases, the SAP_ALL profile no longer contains permissions for the S_RFCACL authorization object.