SAP Authorizations Customise evaluation paths in SAP CRM for indirect role mapping - SAP Admin

Direkt zum Seiteninhalt
Customise evaluation paths in SAP CRM for indirect role mapping
What to do when the auditor comes - Part 2: Authorizations and parameters
Permissions profiles are transported in the standard (since release 4.6C) with the roles. If you do not want to do this, you have to stop the data export in the source system by the control entry PROFILE_TRANSPORT = NO. The profiles must then be created by mass generation before the user logs are matched in the target system. This can be done via transaction SUPC.

They have encountered a role that includes manually maintained organisational levels. Even if you correct the error manually in the role by manually deleting the manually maintained value of the organisation levels in the authorization object, the value in question is not drawn from the organisation level. The AGR_RESET_ORG_LEVELS report allows you to reset these values for the role. The manually maintained organisational data will be deleted, and only the values that have been maintained via the Origen button will be drawn.
Use Central User Management change documents
A temporary shutdown of Central User Management is usually not recommended. However, in certain cases it may be necessary. We will show you what pre- and post-processing is required to avoid data inconsistencies. In complex SAP landscapes where the Central User Administration (ZBV) is used, there may be cases where you want to temporarily remove a subsidiary system from the ZBV without having to delete this system or shut down the entire ZBV, for example if you want to create users in a subsidiary system at short notice.

When you mix roles, either after upgrading or during role menu changes, changes are made to the permission values. You can view these changes as a simulation in advance. As described in Tip 43, "Customising Permissions After Upgrading," administrators may see some upgrade work as a black box. You click on any buttons, and something happens with the permissions in their roles. For example, if you call step 2c (Roles to be reviewed) in the SU25 transaction, all roles will be marked with a red light, which requires mixing based on the changed data from the SU24 transaction. Once you call one of these roles and enter the Permissions Care, the permission values change immediately. Using the Alt, New, or Modified update status, you can see where something has changed, but you cannot see the changed or deleted values. A simple example of how to play this behaviour without an upgrade scenario is changing the role menu. Delete a transaction from a test role and remix that role. You are aware that certain authorization objects have now been modified and others have even been completely removed, but can't all changes at the value level be replicated? Thanks to new features, this uncertainty is now over.

However, if your Identity Management system is currently not available or the approval path is interrupted, you can still assign urgently needed authorizations with "Shortcut for SAP systems".

Some useful tips about SAP basis can be found on www.sap-corner.de.


Even if you correct the error manually in the role by manually deleting the manually maintained value of the organisation levels in the authorization object, the value in question is not drawn from the organisation level.

So much information... how can you keep it so that you can find it again when you need it? Scribble Papers is a "note box" that makes this very easy.


Re-load the role in the PFCG transaction if the application has already been rolled.
Zurück zum Seiteninhalt