Check current situation
SAP AUTHORIZATIONS: THE 7 MOST IMPORTANT REPORTS
Furthermore, automation is possible with the help of a customer-specific ABAP programme. To do this, you should take a closer look at the AGR_TEXTS table. The table contains the different text blocks in different languages. Here we show you a section of the table with our example role Z_SE63. Short texts are assigned a value of 00000 in the column LINE, and long texts are assigned a value of 00001 to 0000x. The language keys are displayed in the SPRAS column. An ABAP programme now allows you to write the counterparts for the text fields in the target language into the fields in the tables.
The handling of organisational levels in PFCG roles wants to be learned. If these are maintained manually, problems arise when deriving rolls. We will show you how to correct the fields in question. Manually maintained organisational levels (orgons) in PFCG roles cannot be maintained via the Origen button. These organisational levels prevent the inheritance concept from being implemented correctly. You can see that organisational levels have been maintained manually when you enter values via the Ormits button, but the changes are not applied to the authorization object.
Restrict Application Server Login
In many distributed organisations, the Profit Centre is used to map out the distributed units. However, this was only possible for FI with additional programming. In integrated data flows in SAP ERP, the sending application usually does not check the authorization objects of the receiving application. Financial Accounting (FI) in SAP does not check permissions for cost centres and profit centres. However, depending on the case of use, this may be necessary, e.g. if distributed entities are to operate as small enterprises within the enterprise and only collect and view data for this particular unit at a time. With the introduction of the new general ledger, SAP has technically merged the financial accounting and the profit centre account, so that the question of the inclusion of profit centre allowances in FIs becomes even more important.
Manual addition of authorization objects to roles is sometimes necessary. However, the start authorizations for actions should be generated into the role exclusively via the role menu. For the following evaluations the table AGR_1251 is used, in which to the roles the authorization objects with their values are stored.
Authorizations can also be assigned via "Shortcut for SAP systems".
This allows existing programs in the backend to be explicitly checked for specific check patterns by the authorization administrator and any errors to be corrected by the relevant developers.
You can also find some useful tips from practice on the subject of SAP authorizations on the page www.sap-corner.de.
Details of the configuration can be found in the SAPHinweis 510007.