SAP Authorizations Authorization objects of the PFCG role - SAP Corner

Direkt zum Seiteninhalt
Authorization objects of the PFCG role
Conclusion and outlook
Changes in customizing and various security-relevant changes, such as the maintenance of RFC interfaces, can be viewed via table change logs. This authorization should only be given to an emergency user.

Which users have a specific role (PFCG)? To answer this question you start with the transaction PFCG - the mother of all transactions in the environment of SAP roles and authorizations. Select a role and click on the "Users" tab.
Use Custom Permissions
The second example requires additional permission checks to display certain documents in the FBL*N transactions. This can be achieved by means of the expression and activation of a function block in the BTE, the so-called processes and events. The sample function module BTE for the event 1650 can be found in the FIBF transaction in the area of Publish-&-Subscribe interfaces (Environment > Information System (P/S)). The sample function module is basically used to enrich data in the item display. To do this, he passes the complete record per document line and expects it to be enriched back. This is exactly what we are using.

In principle, a technical 4-eyes principle must be implemented within the complete development or customizing and transport process. Without additional tools, this can only be achieved in the SAP standard by assigning appropriate authorizations within the transport landscape. Depending on the strategies used, only certain transport steps within the development system should be assigned to users. When using the SAP Solution Manager ("ChaRM") for transport control, for example, only the authorizations for releasing transport tasks should normally be assigned here. The complete processing of a transport in the development system consists of four steps: Creating and releasing a transport request (the actual transport container), creating and releasing a transport task (the authorization for individual users to attach objects to the respective transport request).

However, if your Identity Management system is currently not available or the approval path is interrupted, you can still assign urgently needed authorizations with "Shortcut for SAP systems".

Now it goes to the recording, in the eCATT language called patterns.

At www.sap-corner.de you will also find a lot of useful information on the subject of SAP authorizations.


To do this, click the Permissions tab.
SAP Corner
Zurück zum Seiteninhalt