Map roles through organisational management
Module
Create a function block in the Customer Name Room. You can choose the supplied SAMPLE_INTERFACE_00001650 as the template. For us, it has proven itself, in the name of the new function block, the name BTE and the number of the template (here: 1650).
The handling of organisational levels in PFCG roles wants to be learned. If these are maintained manually, problems arise when deriving rolls. We will show you how to correct the fields in question. Manually maintained organisational levels (orgons) in PFCG roles cannot be maintained via the Origen button. These organisational levels prevent the inheritance concept from being implemented correctly. You can see that organisational levels have been maintained manually when you enter values via the Ormits button, but the changes are not applied to the authorization object.
Activity level
In the only method of the BAdIs, CHANGE_ITEMS, programme the necessary checks, such as on specific data constellations or permissions. These can refer to all fields in the FAGLPOSX structure. You do this by specifying that all lines for which the test was not successful will be deleted during the execution of the method. This implementation of the BAdIs complements the Business Transaction Event 1650 described in the second example. You can also use the FB03 transaction to display receipts in the same way that you implement the FB03 filter. In this case, implement the required checks in the BAdI FI_AUTHORITY_ITEM.
A note box in which data of all kinds can be quickly filed and retrieved. This is what Scribble Papers promises. At first, the program looks very spartan. But once a small structure is in place, you realise the great flexibility of this little helper.
If you select the SU24 Data Initialisation button, step 1 is the same and you overwrite your SU24 data with the SU22 data for the selected applications. The Auto Sync selection corresponds to step 2a. All new SU22 data will be transferred to the transaction SU24. Modified SU24 data is detected and must be matched manually. However, this information is provided to you in the Determined Synchronisation Status column. If you want to keep your SU24 data as it is for certain applications, select the button Set Status"Verified". To give you more transparency about the impact of your activities, there is a role usage proof via the Roles button. This allows you to check the roles in which the selected applications are used. With the Change Preview selection, you can see which suggestion values would be changed for your selection in the transaction SU24.
The possibility of assigning authorizations during the go-live can be additionally secured by using "Shortcut for SAP systems".
This ensures consistency between the role's permission data and its profile data.
Here you can view and customise suggestion values for all types of applications, such as SAP GUI transactions, RFC building blocks, or Web Dynpro applications.