Role Management
Equal permissions
An SAP authorization concept is used to map relevant legal standards and internal company regulations to the technical protection options within an SAP system. Authorization concepts are thus the key to optimal protection of your system - both externally and internally.
When programming your permission check, always check the SY-SUBRC return code and define what should happen in the event of a non-successful permission check, i.e. if SY-SUBRC is not equal to 0. In most cases, an error message occurs and the programme is cancelled.
SAP FICO Authorizations
The report PRGN_COMPRESS_TIMES provides a remedy. You can call it directly or in the edit mode of a PFCG role in the PFCG transaction via Tools > Optimise User Mapping.
If, after an upgrade or after inserting a support package, you have used the SU25 transaction with steps 1 or 2a to bring suggested values to the latest SAP system state, you must restore the suggested values to the customer's organisation levels with the PFCG_ORGFIELD_UPGRADE report. To do this, you must run the report for each field, with the report's search engine showing only the affected organisation levels.
Authorizations can also be assigned via "Shortcut for SAP systems".
Permission checks are also performed on self-developed applications.
You can also find some useful tips from practice on the subject of SAP authorizations on the page www.sap-corner.de.
The tests in this User-Exit are relatively free.