Installation of SAP milieus
SAP Screen Personas
To configure the SAL, please use transaction RSAU_CONFIG (formerly SM19) as of SAP Release 7.50. It is recommended to activate the cross-user logging with minimum settings and to record all audit classes for users with extensive authorizations, such as SAP standard and emergency users. These settings should always be configured on a cross-client basis.
For the authorisation requirement of a user, the transactions with user assignment already awarded should be determined accordingly, in order to be able to exclude them when selecting a suitable role. How does this work? There are various ways to identify specific user-assigned transactions, with varying degrees of result. The following article presents two variants. The first section first describes how to use SUIM to address the problem and what problems are encountered. It then explains how the task can be solved by using the transaction SE16N. As in the previous blog post Identifying all transactions of multiple roles, the roles Test_Schmidt1 and Test_Schmidt2 are used for this. Two of the transactions MM01, MM02, MM03 and MM04 were assigned to these roles in different ways. In the Test_Schmidt1 role, the transactions MM01 and MM02 were entered in the Role menu. In the Test_Schmidt2 role, the transaction MM03 was maintained in the menu of the role, but the transaction MM04 was maintained only in the S_TCODE permission object of the role. Both roles have been assigned to the user SCHMIDT_TEST. Identification of certain transactions with user assignment using SUIM This option is useful if only one transaction is to be checked for its existing assignment to a particular user. The audit is carried out here by means of the transaction SUIM. For this purpose, the variant "Roles according to complex selection criteria" has to be executed in the SUIM. After activating the option "With valid assignment of", the corresponding user and the transaction to be checked will be entered here. It is also recommended to hide the display of the collection roles in the search results.
Planning & design of the system architecture
In order for the stored business logic of an application to be executed correctly, the executing user must also have the necessary permission objects in the flow logic of the OData services in his role. If Authority Checks are performed here, e.g. to query or change data on the backend server, the corresponding role must be authorised. These permissions are expressed in a role by permission objects, as in any ABAP report. If you follow these steps, your Launchpad users should have the Fiori permissions necessary to launch the launchpad, view all relevant tiles, and run the specific apps with their business logic.
On www.sap-corner.de you will also find useful information about SAP basis.
We take over the complete maintenance management for you and ensure that your SAP installation is always up to date. As a certified SAP Gold Partner and PCoE (Partner Center of Expertise), we can provide you with all the SAP licenses you need. We advise you on the possible licensing models and only provide you with the licenses you actually need.
Some missing SAP basic functions in the standard are supplied by the PC application "Shortcut for SAP Systems".
Further contents are the basic communication technologies: IDoc, RFC, http and SOAP.
So much information... how can you keep it so that you can find it again when you need it? That's what Scribble Papers is great for.
A simple example of such rules is the use of the SAP_ALL profile.