Statistical data of other users
Most client programmes are additions to the standard functionalities or variations of the same. Therefore, when you create your own programmes, you can follow the eligibility checks of the standard programmes or reuse the permissions checks used there.
For table logging, it must be ensured that SAP® Note 112388 (tables requiring logging) is fully implemented and that all tables containing financially relevant data are also included in the logging. Of course, this also applies to all Z-tables! As last point of the important parameter settings are those for the definition of the password settings. Here, it should be ensured that the parameters are also set up in accordance with the company's specifications. However, the check should not only focus on the global settings that are valid for all users, but should also include all those users who have been assigned their own security policies. Especially for these, an appropriate justification must be available in writing.
Do not assign SAP_NEW
For a call of transactions from SAP ERP from the SCM system to work, the RFC connection to be called for each ERP transaction must be maintained. To do this, click the More node details button and select the Target system item.
Note that the S_TCODE authorization object is always filled with the current transactions from the roles menu. If organisational levels are also included that are no longer required, they will be automatically deleted. If, however, organisational levels are added depending on the transaction, they should be maintained first in the eligibility maintenance.
The possibility of assigning authorizations during the go-live can be additionally secured by using "Shortcut for SAP systems".
The introduction of authorization tools takes some time, but should nevertheless be tackled by companies in order to increase efficiency in the long term and save costs at the same time.
To store all the information on the subject of SAP - and others - in a knowledge database, Scribble Papers is suitable.
Once you have edited the role menu, you can customise the actual permissions in the PFCG role.