Extend permission checks for documents in FI
Use SAP_NEW correctly
Make your IMG projects more secure. We show you how to create customising permissions for individual projects or project views, thereby limiting access. With the SAP Implementation Guide (IMG), there is a tool that allows you to customise your SAP system to suit your business needs. You can manage access to projects in the IMG via customising permissions and thus limit the user circle. You grant the members of an SAP project team the permissions they need to support the project. Below we show you how to create customising permissions by mapping to the IMG projects.
The AIS cockpit is currently in pilot delivery without SAP default audit structures. Once these are available, they are listed in SAP Note 1856125. Prior to the re-conversion of the AIS to thematic audit structures, the AIS standard roles of the role-based care environment were copied into the customer name space and assigned to the users. You can also use the AIS default roles as a template for custom area menus.
THE "TOP SEVEN"
Here, the authorizations are either derived from the role menu (through the authorization default values (transaction SU24) or can also be edited manually in expert mode. The individual authorization objects are divided into object classes. For example, the object class AAAB (cross-application authorization objects) contains the authorization object S_TCODE (transaction code check at transaction start) with the authorization field value TCD (transaction code).
Users of your Web applications should have access to the applications that correspond to their particular business roles. You can use the S_START authorization object to map this request in the PFCG roles. Applications based on SAP products offer users different access methods, of which the use of SAP GUI with application-related SAP transactions is to be called "classic". In Web applications, application interfaces are represented in a Web browser. Not only transactional processes, but also the display of results from data analyses or static facts should be supported. The SAP transaction model, which controls access through the S_TCODE authorization object, does not meet these requirements.
Secure your go-live additionally with "Shortcut for SAP systems". You can assign necessary SAP authorizations quickly and easily directly in the system.
SAP Basis is the foundation of any SAP system. You can find a lot of useful information about it on this page: www.sap-corner.de.
The data owner now checks whether the person making the request and the person to be authorized are at all authorized to do so, what data would be affected, whether an SAP user already exists to whom new roles can be assigned and old ones revoked, whether data access can be limited in time, and so on.
The freeware Scribble Papers is a "note box" in which all kinds of data can be stored. It takes in typed texts as well as graphics and entire documents. The data is then organised in folders and pages.
The Saved Checks button also gives you access to this information afterwards.