Grant permission for external services from SAP CRM
Authorization Analysis
For an up-to-date description of the eligibility tests in the EWA, see SAP Note 863362. Updates to these checks are provided by keeping the ST-SER software component, which contains the definition of checks to be performed, up to date and enabling the automatic content update in the SAP Solution Manager.
Cybersecurity is a broad field. Starting with the technical infrastructure of companies and extending to the business processes in SAP systems. Such projects must be well planned and prepared. We have already seen some negative examples of companies that wanted too much at once and then "got it wrong." When it comes to securing business processes in particular, it is important to ensure that the employees affected are picked up and involved. Therefore, use a risk analysis to select the topics and processes that should be at the top of the list when securing.
Permission implementation
A new transaction has been added to evaluate the system trace only for permission checks, which you can call STAUTHTRACE using the transaction and insert via the respective support package named in SAP Note 1603756. This is a short-term trace that can only be used as a permission trace on the current application server and clients. In the basic functions, it is identical to the system trace in transaction ST01; Unlike the system trace, however, only permission checks can be recorded and evaluated here.
This report checks the customising of the CRM business role for which the PFCG role is to be created, and writes all area start pages and logical links to a text file in the form of external services. This text file is stored locally in the SAP folder under c:/User//SAP. On the Menu tab of the PFCG role, you can upload this text file from File by selecting Menu > Import.
Assigning a role for a limited period of time is done in seconds with "Shortcut for SAP systems" and allows you to quickly continue your go-live.
In case of queries, they can use this basis to explain exactly why someone has been given a certain authorization.
To make changes to the table logger, you must have the same permissions as the SE13 transaction to customise, so you must have the appropriate permissions for all tables to modify.