Installing and executing ABAP source code via RFC
Grant permissions for SAP background processing
The general SAP authorizations are used most often and for many things they are sufficient. For example, if only the HR department has access to the SAP HCM system. However, if other users come onto the system and you only want to allow them access to a limited number of personnel, then in the case of the general authorizations you have to deal with the organization key of infotype 1 (VSDK1), which must be hard-coded into the authorization roles. If ESS/MSS or Manager Desktop etc. now come into play, however, this means a large number of authorization roles, namely a separate one for each manager. This makes maintenance and servicing very time-consuming and your authorization concept becomes opaque, which in turn brings the much-quoted auditor onto the scene.
Giving permissions to specific functions that are called in SAP CRM through external services requires some preliminary work. Users working in SAP CRM use the SAP CRM Web Client to invoke CRM capabilities. For this to work smoothly, you must assign a CRM business role to the user, which provides all the CRM functionality necessary for the user. If the role should only allow access to certain external services, regardless of the customising (or only to the external services specified in the customising), it becomes a little trickier. All clickable elements in the SAP CRM Web Client, such as area start pages or logical links, are represented by CRM UI components. These UI components are, technically speaking, BSP applications. By clicking on such a component, the user gains access to certain CRM functions. These UI components are represented in the roles as external services. You must explicitly allow access to these UI components through PFCG roles, similar to the permissions for access to specific transactions.
Implementing Permissions Concept Requirements
The Enable Transport Recording button allows you to save the changes in the roles on a transport order. For information on the validity of the PFCG_ORGFIELD_ROLES report, see SAP Note 1624104.
Privileges control the use of all objects and data contained in the HANA database. In order to use an application, you typically have to assign many different types of privileges to a user. In order to be able to take into account the complex relationships in the allocation of the privileges actually needed in a manageable way, privileges in SAP HANA are bundled into roles. In our example, the role MODELING in the role SAPT04_CONTENT_ACTIVATION is included. In SAP HANA, it is possible to assign a role to multiple roles as well as to multiple roles. This way, complex role hierarchies can be put together.
Authorizations can also be assigned via "Shortcut for SAP systems".
This limitation of access programmes already represents a security gain, even if you do not want to restrict access to paths and files.
Complex permission checks can also be performed adequately for the parameterized use of CALL TRANSACTION.