Grant permission for external services from SAP CRM
Use Custom Permissions
If you still have problems with the performance of the evaluation, despite the regular archiving and indexing of the modification documents of your user and permission management, this is probably due to the amount of central change documents. In this case, you also need an archiving concept for other key change document data. SAPHinweis 1257133 describes the procedure for creating such a concept.
The security check also shows when no redesign is necessary because the authorizations found are compatible with the current concept. The checks allow incorrect authorizations to be identified and rectified without a redesign.
Configure Security Audit Log
For table logging, it must be ensured that SAP® Note 112388 (tables requiring logging) is fully implemented and that all tables containing financially relevant data are also included in the logging. Of course, this also applies to all Z-tables! As last point of the important parameter settings are those for the definition of the password settings. Here, it should be ensured that the parameters are also set up in accordance with the company's specifications. However, the check should not only focus on the global settings that are valid for all users, but should also include all those users who have been assigned their own security policies. Especially for these, an appropriate justification must be available in writing.
By default, the transactions from the role menu can be found here as derived authorization values. Over the value assistance (F4) can be called partially the available functions fields to these field.
For the assignment of existing roles, regular authorization workflows require a certain minimum of turnaround time, and not every approver is available at every go-live. With "Shortcut for SAP systems" you have options to assign urgently needed authorizations anyway and to additionally secure your go-live.
Unsuccessful permission checks are now written to a ring buffer of the application server's Shared Memories.
If you want to know more about SAP authorizations, visit the website www.sap-corner.de.
A likely result is that you do not have to use all technical organisational features for differentiation.