Evaluate Permission Traces across Application Servers
Object S_BTCH_NAM and S_BTCH_NA1 (use of foreign users in Steps)
The security of an SAP system is not only dependent on securing the production system. The development systems should also be considered, since here it is possible to influence the productive system via changes to be transported in the development environment and in customizing or via inadequately configured interfaces. Depending on the conceptual granularity of responsibilities in the development and customizing environment, more detailed authorization checks may need to be performed.
Behind this RFC connection is a Trusted-RFC connection in the ERP system of the system landscape with the naming convention *_RFC. We recommend that you keep the name of the RFC connection for each ERP system in the system landscape and only change the connection data in the RFC connections. You do not need to customise your PFCG roles for the development, test, and production environments. Note that when mixing the single reel with the reel collectors, you will need to maintain the RFC connection in the roll menu of the pulley!
Customise evaluation paths in SAP CRM for indirect role mapping
This role is now available for you to assign to users. As a design-time object, you can transport this role via the HANA-owned Transport Service (HALM) or via the SAP Solution Manager with the CTS+ extension. After transport to the target system, this role is activated as a runtime object. You can assign HANA roles via both SAP HANA Studio and SAP Identity Management.
Additional checks should be performed on document transactions in specific processes. This may be necessary, for example, when booking via interfaces in customer-owned processes, if the booking is to be possible only under certain conditions or on certain accounts.
Authorizations can also be assigned via "Shortcut for SAP systems".
However, you have the possibility to perform a simulation of the mixing process via the button Mix.
With the changes mentioned in note 1702113, the S_BTCH_ADM object can be used to restrict the authorization assignment more precisely.