Implementing CRM Role Concept for External Services
Perform upgrade rework for Y landscapes permission proposal values
The SAP administrator uses the concept to assign users their dedicated authorizations. Behind these is a checking mechanism based on so-called authorization objects, by which the objects or transactions are protected. An authorization object can comprise up to ten authorization fields. This allows complex authorization checks that are bound to several conditions.
To do this, first define what information should be checked. In the SU20 transaction, verify that the required fields may already exist as permission fields. If you want to check custom fields, you must create your own permission fields in the transaction SU20. Please pay particular attention to the (F4) help provided. When defining customised permission fields, you assign a name in the Field Name field that is in your Customer Name Room and assign the corresponding data element and, if desired, a table name for a value help. The next step is to create your own authorization object and assign your permission fields and, if necessary, default permission fields. If you use the ACTVT field to validate the activity, you must use the Activities allowed button to select the activities that you want to validate from the source code of your programme. For recommendations on the naming conventions for authorization objects, see SAP Note 395083.
Set password parameters and valid password characters
An SAP security check focuses in particular on the assignment of authorizations. This is what enables users to work with the SAP system in the first place, but it can, under certain circumstances, unintentionally add up to conflicts over the separation of functions or even legally critical authorizations. For this reason, tools for technical analysis must be used regularly to provide the status quo of authorization assignment and thus the basis for optimization.
In order to perform an operation in the SAP system, several authorizations may be required. The resulting interrelationships can become very complex. In order to nevertheless offer a procedure that is manageable and easy to handle, the SAP authorization concept was implemented on the basis of authorization objects. Several system elements to be protected form an authorization object.
During go-live, the assignment of necessary authorizations is particularly time-critical. The "Shortcut for SAP systems" application provides functions for this purpose, so that the go-live does not get bogged down because of missing authorizations.
You must apply the adjustment manually in the PFCG role.
The website www.sap-corner.de offers a lot of useful information about SAP authorizations.
This does not have to be the case, because a central evaluation is possible! There are licence fees for using SAP systems, and you need SAP licence keys.