SM49 External operating system commands
Prerequisites
This step is of fundamental importance for the SAP basis. It concerns both the inward-looking perception described in the marketing & self-understanding recommendation and the outward-looking perception in the form of a mission and vision.
In the following dialogue, select a TADIR service and the programme ID "R3TR" and the object type "IWSG". Now you can select the OData service stored on the front-end gateway. Then switch to the Permissions tab to generate the current profile of the permission objects with the new Fiori permission. Once you have performed these steps, the treated role has the necessary permissions on the front-end side. Fiori Permission to call the OData service on the backend server Now go to the role maintenance in the PFCG on the backend server. Open the appropriate role in Change Mode. Now you can repeat the steps for the frontend as explained above. However, when selecting the TADIR service as the permission proposal, you now select the object type "IWSV". Here you can select the OData service of the specific Fiori application stored in the backend.
What does TREX have to do with SAP Solution Manager?
As a user of the group, you cannot see tabs either. Now select the applications / tabs to which the group should be accessed (with CTRL you can select several) and select the Grant button. Note: Select the Grant drop-down menu using the button and not the drop-down menu! Use the drop-down menu to determine if and how far users of the group you are currently editing can make CMC tab configurations to other groups / users! Select Grant for the desired tabs. If you still do not see any applications/tabs, it is because the group/user lacks the generic display right at the top level of the respective tab. To do this, go to the desired tab (in the example is the universe), select Manage —> Top-Level Security —> All Universes (the last point differs depending on the tab). Confirm the hint that appears and assign at least the following right for the groups you want: General —> General —> Objects View. Once this right is granted, the tab will also appear on the CMC home page. You can then see the tabs on the CMC home page.
User name without restrictions - critical? Depending on the release of the SAP_BASIS component in your system, invisible special characters may end up in the user name. This is especially critical if only spaces or alternate spaces are used for the user name when creating a new user. In Unicode systems, "alternative" spaces, so-called "wide spaces", can be used in addition to the normal space character (hexadecimal value 20). For example, the key combination "ALT+0160" can be used to insert non-breaking spaces. If a user is now created whose user name consists exclusively of such alternative spaces, this can be confusing. This is because entries for this user ID do appear in change documents, but the impression is created that the entry was created by a non-existent / deleted user. This circumstance can lead to confusion. In addition, certain special characters in the user name can also lead to errors, for example in the Change and Transport System (CTS). This is because the user name is also used in the CTS-ORG to create a file with the same name in the transport directory. Furthermore, there are letters/characters that look identical in different alphabets, but have a different hexadecimal value in the character set. This means that confusion in user names cannot be completely ruled out. Seemingly identical user names then stand for different users.
Tools such as "Shortcut for SAP Systems" complement missing functions in the SAP basis area.
This should only be done restrictively to prevent manipulation at the production level.
From a purely technical point of view, each generated authorization role contains a profile from which a user receives the actual authorization objects and authorization characteristics.