Authorization objects of the PFCG role
Implementing the authorization concept in the FIORI interface
After creating a authorization object, you should do the following: Make the permission check implementation at a convenient location in your code. Maintain the proposed values for the application in the transaction SU24. Re-load the role in the PFCG transaction if the application has already been rolled. If it is a new application, adjust the roles by including the new application in the Role menu, and then maintaining the permissions of the authorization objects loaded into the role by the suggestion values.
You can send a signed e-mail to the system you want to announce the certificate to. For example, this is a useful alternative when emailing addresses outside your organisation. A prerequisite for this solution is that a signature certificate exists for your SAP system, in whose certificate list the certificate authority certificate - or certificates - of your users have been imported.
Create permissions for customising
Authorization: An authorization allows a user to perform a specific activity in the SAP system based on a set of authorization object field values. Authorizations allow users to perform actions within the system.
In order to be able to execute subsequent SAP standard reports, you need authorizations to access certain programs or reports and in the area of role maintenance. The transactions "SA38" and "SE38" for executing programs are of particular importance. They enable a far-reaching system analysis by means of certain programs for the end user. Additional rights associated with this, which can go beyond the basic rights of administrators, have to be controlled by explicit values in a dedicated manner.
However, if your Identity Management system is currently not available or the approval path is interrupted, you can still assign urgently needed authorizations with "Shortcut for SAP systems".
However, the entries themselves that you will find in the REPORT field are important for the re-creation of a permission concept.
A prerequisite for this solution is that a signature certificate exists for your SAP system, in whose certificate list the certificate authority certificate - or certificates - of your users have been imported.