Debug ABAP programs with Replace
Detect critical base permissions that should not be in application roles
This solution is only available with a support package starting with SAP NetWeaver AS ABAP 7.31 and requires a kernel patch. For details on the relevant support packages, see SAP Note 1750161. In addition, the SAP Cryptographic Library must be installed; but this is ensured by the required kernel patch. Only if you have manually made a different configuration, you must check this requirement.
Note that the SAP_NEW_ individual profiles should be retained themselves, so that at any given time, traceability is ensured as to which release and which permission was added. For more information, see SAP Notes 20534, 28175, and 28186. SAP Note 1711620 provides the functionality of an SAP_NEW role that replaces the SAP_NEW profile. If you have added this note, the profile will no longer be used. Instead, you can generate your PFCG role SAP_NEW by using the REGENERATE_SAP_NEW report. When you call the report, in the source and target release selections, type in the appropriate fields, and the role is created for that release difference.
Starting Web Dynpro ABAP applications
Not all users should be able to log on to the application server during your maintenance? Use the security policy and a new profile parameter. When you are performing maintenance work on your SAP system, it is always necessary to prevent users from logging into the application server. This often excludes a small group of administrators who are still allowed to log on to the system. Until now, users had to be locked and the group of administrators excluded from this lock. This is now easier by using the security policy in combination with the login/server_logon_restriction profile parameter.
From release 10.1, SAP Access Control supports the creation of users and the assignment of roles and privileges in HANA databases. If you use the concept of business roles in SAP Access Control, you can achieve an automatic installation of the users in SAP NetWeaver AS ABAP and HANA database and the assignment of the ABAP and HANA technical roles (or privileges) when assigning a business role.
For the assignment of existing roles, regular authorization workflows require a certain minimum of turnaround time, and not every approver is available at every go-live. With "Shortcut for SAP systems" you have options to assign urgently needed authorizations anyway and to additionally secure your go-live.
We would like to give you some examples of critical permissions in this tip.
The Copy to Clipboard and Paste from Clipboard functions are not available if you maintain field values that allow only the selection of fixed values.