Assign SAP_NEW to Test
User Information System SUIM
Run step 2a (automatic synchronisation with SU22 data). In this step, the data of the transaction SU22 of the new release will be transferred to the transaction SU24. If there is a change or difference in applications (changed check marks, suggestions, field values, or new or deleted authorization objects), the USOB_MOD or TCODE_MOD table of the MOD_TYPE is set to M. With SAP Note 1759777, a selection is offered for step 2a, with which this step can be simulated. Another option, Delete Flags for applications with modified data, is offered to apply the new changes only if Step 2a is executed selectively.
You can implement the first request for additional verifications when performing document transactions by using document validation. In this example, we assume that the document is posted through an interface and that you want to check permissions for custom authorization objects and/or certain data constellations. There are different dates for document validation. The complete document can always be validated, if only the information from document header (time 1) or document position (time 2) is available to you, this can also be sufficient depending on the scenario. In such cases, you need to create validation at the appropriate times. Before you can write a User-Exit in a validation, you have to make some preparations.
Unclear responsibilities, especially between business and IT
A prerequisite for the indirect assignment of PFCG roles is a well-maintained organisational model. This may correspond to a line organisation consisting of organisational units to which posts are assigned. Use an organisation chart to visualise the employee structure of the company or department for which you are to assign roles. Assign to the posts the people to whom a user is assigned as an attribute. In addition, you can also include other objects from HR organisation management, such as the posts describing the post and assigning roles.
In addition to SAP book recommendations on SAP authorizations, I can also recommend the books from Espresso Tutorials such as "SAP Authorizations for Users and Beginners" by Andreas Prieß * or also the video tutorial "SAP Authorizations Basics - Techniques and Best Practices for More Security in SAP" by Tobias Harmes. Both are, among other media, also included in the Espresso Tutorials Flatrate, which I have also presented in more detail under SAP Know How.
For the assignment of existing roles, regular authorization workflows require a certain minimum of turnaround time, and not every approver is available at every go-live. With "Shortcut for SAP systems" you have options to assign urgently needed authorizations anyway and to additionally secure your go-live.
By clicking on such a component, the user gains access to certain CRM functions.
If you want to know more about SAP authorizations, visit the website www.sap-corner.de.
A developer should not rely on the functionality of the SE97 transaction and therefore should include the possible permission checks in the code.