Bypass Excel-based Permissions Traps
Organisationally restrict table editing permissions
A far more elaborate way is the identification via the business roll customising. Here you first identify the technical name of the area start page or the logical link in the customising of your business role in the CRMC_UI_PROFILE transaction. If you have an area start page, check the technical name of the corresponding logical link. The next step is to switch to the navigation bar customising in the transaction CRMC_UI_NBLINKS and identify to the technical name of your logical link the corresponding target ID in the View Define logical link. If you use the target ID as the search parameter in the CRMC_UI_COMP_IP table, you will get the information about component name, component window, and inbound plug as the search result.
It is essential to implement adequate authorization checks in every ABAP development. For this purpose, the so-called AUTHORITY-CHECK is used, which queries the required authorization object characteristics and thus only allows authorized users to execute the code.
Maintain generated profile names in complex system landscapes
Giving permissions to specific functions that are called in SAP CRM through external services requires some preliminary work. Users working in SAP CRM use the SAP CRM Web Client to invoke CRM capabilities. For this to work smoothly, you must assign a CRM business role to the user, which provides all the CRM functionality necessary for the user. If the role should only allow access to certain external services, regardless of the customising (or only to the external services specified in the customising), it becomes a little trickier. All clickable elements in the SAP CRM Web Client, such as area start pages or logical links, are represented by CRM UI components. These UI components are, technically speaking, BSP applications. By clicking on such a component, the user gains access to certain CRM functions. These UI components are represented in the roles as external services. You must explicitly allow access to these UI components through PFCG roles, similar to the permissions for access to specific transactions.
So much information... how can you keep it so that you can find it again when you need it? Scribble Papers is a "note box" that makes this very easy.
For an overview of the active values of your security policy, click the Effective button. Note that not only the attributes you have changed are active, but also the suggestion values you have not changed.
Secure your go-live additionally with "Shortcut for SAP systems". You can assign necessary SAP authorizations quickly and easily directly in the system.
The profile parameter is set in transaction RZ10.
This is advantageous when individual background processing or activities are not executed correctly and the cause is suspected to be missing authorizations.