Prevent excessive permissions on HR reporting
Coordinate authorisation management in customer-owned programmes
Custom programmes should be protected with permissions, just like standard applications. What rules should you follow? Introductory projects usually produce a large number of customised programmes without being subjected to a permission check when they are executed. For your programmes, you should create custom permissions checks by default and manage them accordingly.
The evaluation of the licence data via the ZBV with the report RSUSR_SYSINFO_LICENSE provides a result list with the following contents: Contractual User Type - This column contains the actual local user types from the ZBV subsidiary systems. Value in Central - This column contains the central user type from the ZBV that is stored for the respective subsidiary system to the user.
Transactional and Native or Analytical Tiles in the FIORI Environment
Further changes can be found when using the proof of use. When you click on the button (proof of use), you will receive a new selection. You can check which permissions, SU24 suggestion values, or SU22 suggestion values the authorization object uses. The ABAP-Workbench selection, as in previous releases, provides you with the proof of use for implementing the authorization object in programmes, classes, and so on. You can use the SAP NEW Data button to mark whether this authorization object is relevant to an SAP New role of a particular release.
Compiling and identifying external services in the role menu of CRM business roles is tricky. We show you how to bring order to external services. In SAP Customer Relationship Management (SAP CRM), the role concept is based not only on PFCG roles, but also on CRM business roles. These roles are created in customising and enable the presentation of CRM applications in the SAP CRM Web Client. In order for a user to work in SAP CRM, he needs both CRM business roles that define the user interface and the respective PFCG roles that entitle him to work in the applications. The CRMD_UI_ROLE_PREPARE report identifies and lists all external services defined in the customising of the CRM business role. These are displayed in the role menu of the PFCG role. You will notice, however, that the displayed services represent only a small part of the external services in the role menu.
However, if your Identity Management system is currently not available or the approval path is interrupted, you can still assign urgently needed authorizations with "Shortcut for SAP systems".
You can also graphically evaluate these changes via an end-to-end analysis in SAP BW; contains information on the number of changes per system, the type of changes and the modification date.
The security check also shows when no redesign is necessary because the authorizations found are compatible with the current concept.