Add external services from SAP CRM to the proposal values
Installing and executing ABAP source code via RFC
All permission checks are issued in table form as an ALV list. You can sort or filter this list by column. Furthermore, all the new features of the transaction ST01, which we listed at the beginning of this tip, have been applied for evaluation. Double-clicking on a authorization object will direct you to the authorization object definition, and double-clicking on the transaction will direct you to the programme location where the permission check is performed. For more tips on how to use this trace, see Tip 32, "Maintain permission values using trace evaluations," and Tip 39, "Maintain suggestion values using trace evaluations.".
The daily business of an authorization administrator includes the checks and analyses of critical authorizations and combinations in the system. The focus is on users and roles in the respective clients and system rails. The SAP standard report RSUSR008_009_NEW is suitable for this purpose. You must first create corresponding check variants and authorization values for critical authorizations or combinations either using the program itself or transaction SU_VCUSRVARCOM_CHAN. These then correspond to your internal and external security guidelines. You can then run the report with your respective check scope and the corresponding critical authorization or combination variant and check in which roles or users such violations exist. This serves to protect your entire IT system landscape and should be carried out periodically.
SAP systems: Control user authorizations with a concept
Do the permissions for a self-developed UI component for the SAP CRM Web Client always have to be maintained manually? Not necessarily - if you define them as suggested values for external services. If you have developed your own UI components in the Customer Name Room in SAP CRM and you want to authorise them via the default process, i.e. create a role menu for a PFCG role using the CRMD_UI_ROLE_PREPARE report, you must do some preliminary work. When you run the report, you will notice that the external services for your own developments are not present and therefore do not appear in the role menu. The only way to qualify your UI components is to manually maintain the UIU_COMP authorization object. However, you can maintain your own UI components as external services with suggestion values in the SU24 transaction and take advantage of this information in PFCG role maintenance.
After successful implementation of your permission check, the new authorization object for your application must be maintained in transaction SU24. If your solution is distributed in other system landscapes, the authorisation proposals in the transaction SU22 are maintained. In addition, with the permission proposal value maintenance, you can make sure that the new authorization object is not forgotten in a role system, because it is now loaded automatically into the PFCG role when the application is called up via the role menu. In the final step, the permission administrator can create the PFCG role or must remix the existing PFCG roles.
Secure your go-live additionally with "Shortcut for SAP systems". You can assign necessary SAP authorizations quickly and easily directly in the system.
How do I merge the user menu from different roles or disable it altogether? How can the generated passwords be adapted to your needs? How can you automatically perform user master matching after role assignments via the PFCG transaction? And how can you prevent assignments from being transported from users to roles? We'll show you how to make these settings.
So much information... how can you keep it so that you can find it again when you need it? Scribble Papers is a "note box" that makes this very easy.
To do this, select a verification number or create a new audit.