SAP Authorizations Permissions checks - NW Admin

Direkt zum Seiteninhalt
Permissions checks
Activity level
The AIS cockpit is currently in pilot delivery without SAP default audit structures. Once these are available, they are listed in SAP Note 1856125. Prior to the re-conversion of the AIS to thematic audit structures, the AIS standard roles of the role-based care environment were copied into the customer name space and assigned to the users. You can also use the AIS default roles as a template for custom area menus.

Do the permissions for a self-developed UI component for the SAP CRM Web Client always have to be maintained manually? Not necessarily - if you define them as suggested values for external services. If you have developed your own UI components in the Customer Name Room in SAP CRM and you want to authorise them via the default process, i.e. create a role menu for a PFCG role using the CRMD_UI_ROLE_PREPARE report, you must do some preliminary work. When you run the report, you will notice that the external services for your own developments are not present and therefore do not appear in the role menu. The only way to qualify your UI components is to manually maintain the UIU_COMP authorization object. However, you can maintain your own UI components as external services with suggestion values in the SU24 transaction and take advantage of this information in PFCG role maintenance.
For the configuration, you must first enable encryption and, if necessary, signing in the SAPConnect administration. To do this, go to Settings > Outgoing Messages > Settings on the Signing & Encryption tab of the SCOT transaction. Note that the activation only enables the encryption or signature of emails; whether this is actually done always controls the sending application.

The freeware Scribble Papers is a "note box" in which all kinds of data can be stored. It takes in typed texts as well as graphics and entire documents. The data is then organised in folders and pages.

Now maintain the permissions and organisation levels. If possible, use organisational level values in the note, which you can find well in other numbers later on, i.e. about 9999 or 1234. After generating and saving the role, you will be returned to eCATT. There you will be asked if you want to accept the data and confirm with Yes. You have now successfully recorded the blueprint. Now the slightly trickier part follows: The identification of the values to be changed at mass execution. In the editor of your test configuration, the record you created is located at the bottom of the text box. We can now execute the test script en masse with any input. We need a test configuration for this. In the example Z_ROLLOUT_STAMMDATEN, enter a corresponding name and click the Create Object button. On the Attribute tab, specify a general description and component. On the Configuration tab, select the test script you created earlier in the corresponding field. Then click the Variants tab. The variants are the input in our script. Since we do not know the format in which eCATT needs the input values, it is helpful to download it first. To do this, select External Variants/Path and click Download Variants. A text file is now created under the appropriate path, containing the desired format with the input parameters. Open the data with Microsoft Excel and set your target value list. To do so, delete the line *ECATTDEFAULT. In the VARIANT column, you can simply use a sequential numbering. Save the file in text format, not in any Excel format.

During go-live, the assignment of necessary authorizations is particularly time-critical. The "Shortcut for SAP systems" application provides functions for this purpose, so that the go-live does not get bogged down because of missing authorizations.

See SAP Note 1763089 for information on the system requirements and support packages you need to access the new feature.

On the right, a new detail with the recording details appears.
Zurück zum Seiteninhalt