Managed Services
Grant permission for external services from SAP CRM
What's New from System Trace for Permissions! Here, features have been added that make recording and role maintenance much easier. Permission values in PFCG roles are maintained and debugging requires the use of the system trace for permissions. In the past, SAP customers have asked for more ease of use, since the trace evaluation is sometimes confusing.
In order to perform an operation in the SAP system, several authorizations may be required. The resulting interrelationships can become very complex. In order to nevertheless offer a procedure that is manageable and easy to handle, the SAP authorization concept was implemented on the basis of authorization objects. Several system elements to be protected form an authorization object.
How to analyze roles and authorizations in the SAP system
You have developed applications yourself and would like to maintain suggestion values for them? The easiest way to do this is with the help of the permission trace. Permission checks are also performed on self-developed applications. These applications must therefore be included in the PFCG rolls. If they are maintained in a role menu, you will notice that in addition to the start permissions (such as S_TCODE), no other authorization objects are added to the PFCG role. The reason for this is that even for customer-specific applications suggestion values must be maintained to ensure that the PFCG role care runs according to the rules and to facilitate the care for you. Up to now, the values of customer-owned applications had to be either manually maintained in the PFCG role, or the suggested values maintenance in the transaction SU24 was performed manually.
There may be other objects associated with the site that you can also assign a PFCG role to. As in our organisation chart, you can assign three different PFCG rolls to the user. You can assign the PFCG roles to either the organisational unit, the post or the post. In this hierarchy, you assign the user as the person of the post. The user is assigned to the person as an attribute and therefore not visible in the organisational model. An HR structure could be mapped via this hierarchy. Since the PFCG roles are not directly assigned to the user but to the objects in the Organisation Management and the user is assigned to the PFCG roles only because of his association with these objects, we speak of an indirect assignment.
If you get into the situation that authorizations are required that were not considered in the role concept, "Shortcut for SAP systems" allows you to assign the complete authorization for the respective authorization object.
As a general rule, you should always run bulk transport sharing in the background.
Together with you, we develop suitable authorizations for your systems and processes.