Conclusion and outlook
Permissions with Maintenance Status Used
Are you using SAP NetWeaver Business Client instead of SAP GUI? The arrangement of the applications on the screen is controlled by PFCG roles. The SAP NetWeaver Business Client (NWBC) is an alternative to SAP GUI for access to SAP applications. This allows you to centrally access applications that reside in different SAP systems and have different UI technologies. The NWBC enables you to call not only transactions, but also Web-Dynpro applications and external service applications. In this tip, we will show you how to use PFCG roles to control the design of the NWBC user interface.
Look closely at the security advisory so that you can identify the affected programmes or functions and schedule appropriate application tests. Use a test implementation in the SNOTE transaction to identify additional SAP hints that are required for a security advisory and may also contain functional changes.
Authorization concepts in SAP systems
If your users are allowed to share their own background jobs, you need the JOBACTION = RELE permission to the S_BTCH_JOB object. In this case, you can start all jobs at the desired time. In many cases, background jobs are used for the professional or technical operation of applications; Therefore, we recommend that you schedule these background jobs under a System-Type technical user (see also Tip 6, "Note the impact of user types on password rules"). The advantage of this is that the permissions can be controlled more accurately and you do not run the risk of a job being lost if the user under whom it was scheduled to leave your company once. You can realise the association with a system user by giving the user who plans the job permission for the S_BTCH_NAM object. In the BTCUNAME field, the name of the step user, i.e. the user under whom the job should run, such as MUSTERMANN, is entered.
Further changes can be found when using the proof of use. When you click on the button (proof of use), you will receive a new selection. You can check which permissions, SU24 suggestion values, or SU22 suggestion values the authorization object uses. The ABAP-Workbench selection, as in previous releases, provides you with the proof of use for implementing the authorization object in programmes, classes, and so on. You can use the SAP NEW Data button to mark whether this authorization object is relevant to an SAP New role of a particular release.
Assigning a role for a limited period of time is done in seconds with "Shortcut for SAP systems" and allows you to quickly continue your go-live.
The setting of the modification flag used to determine the proposed values to be matched is imprecise.
For example, you can log failed RFC calls system-wide, delete users, or log all activities of the default user, DDIC.