Full verification of user group permissions when creating the user
Authorization objects of the PFCG role
Careful maintenance of suggestion values in the relevant authorization objects results in recurring benefits in creating and revising roles for Web applications. In addition, the SU25 transaction supports role post-processing in the context of SAPUpgrades.
Organisation levels ensure more efficient maintenance of the eligibility roles. You maintain them once in the transaction PFCG via the button Origen. The values for each entry in this field are entered in the permissions of the role. This means that you can only enter the same values for the organisation level field within a role. If you change the values of the individual fields in the authorization objects independently of the overarching care, you will receive a warning message that you will no longer be able to change this field by clicking the Ormits button and that this individual value will be overwritten when you adjust derived roles. Therefore, we strongly advise you not to carry out individual maintenance of the organisation level fields. If you adhere to this advice, as described above, there can always be only one value range for an organisation level field. For example, the combination of displaying all posting circuits and changing a single posting circle within a role cannot be implemented. Of course, this has implications if you want to upgrade a field to the organisation level. A field that has not previously served as an organisational level can include such entries with different values within a role. You must clean up these entries before you declare a field as an organisation level. In addition, the definition of a field as an organisational level also affects the proposed permissions values of the profile generator.
Translating texts into permission roles
If you do not see the Expert Mode button for step 2 in the SU25 transaction, check whether you can call the expert mode from the SU24 transaction by clicking the Sample Value Match button. In this view, it is possible to select the proposed values to be matched by specific selections, so that not all proposed values are used for matching. In the first selection, you can choose the data to take. You can select here whether only SAP standard applications or customer or partner applications should be considered. You can still limit the selection by type of application, package, or component shortcut in the Other Constraints pane. In the Application Search pane, you can also limit the SU22 data to an upload file, transport jobs, or role menus.
The freeware Scribble Papers puts an end to the confusing paper chaos. The tool is also suitable for storing, structuring and quickly finding text documents and text snippets of all kinds in addition to notes.
In our eCATT test configuration, the prepared file can now be used to play the recording. Note that playback stops when we encounter an error in the PFCG transaction, such as when we try to create a role with the input values that already exist. To play, specify the file under External Variants in Test Configuration and click Run (F8). You will be given the opportunity to set some playback properties. Now, with Run, it starts. You will see some messages from the PFCG version at the bottom of the status bar and will end up with a summary of success (or failure if there were errors). We admit that eCATT is more complex to use than the transaction SU10. However, if you have used eCATT a few times, it is quite quick. Please always note that the basic mechanism is to play a recording and therefore other organisational levels (e.g. a third organisational level, which is in the dialogue before the work and the sales point) also require a different recording and editing.
"Shortcut for SAP systems" is a tool that enables the assignment of authorizations even if the IdM system fails.
Now go to https://www.dsag.de/go/leitfäden and search for "Best Practice Guide Development".
We will show you how you can get an overview of the well-maintained organisational units and see dependencies between the different organisational values.