In the transaction, select SU10 by login data of users
Change management
The role menu of the PFCG role now consists of folders that represent all logical links within a scope start page, and external services that represent the logical links and the area start pages themselves. This means that any external service listed in the Role Menu is eligible for a Area Start Page or Logical Link. If such an external service is removed from the role menu and the PFCG role is generated, the user of this PFCG role does not have permissions to view this external service (see screenshot next page). You will find duplicate, maybe even triple, entries from external services. These are mainly found in the folders of the homepage and under GENERIC_OP_LINKS. You can delete them without any concern, because an external service for a permission must appear only once in the Role menu. For a better overview, it is also useful to rename the external services or folders as they are shown in the SAP CRM Web Client.
Finally, we would like to draw your attention to SAP Note 1781328, which provides the report PFCG_ORGFIELD_ROLES_UPD. This report enables a mass update of existing role derivations. However, you do not use the concept of the organisational matrix, but you have to store the new organisational values directly when the report is called. Therefore, this function requires a high degree of understanding for the adjustments that are running in the background and is therefore only available as a pilot note. This means that this message must be explicitly requested via a customer message and only then will SAP support release it for you if necessary. It is not currently planned to make the information generally available via a support package.
Dialogue user
When pasting permission field values from the Clipboard, the values are added to the existing entries. You must also separate the value intervals when inserting with the help of the tab stop. If permissions for the individual values do not exist for maintenance, they are rejected, i.e. not taken over. The Insert function from the Clipboard is also available in the dialogue box for maintaining the organisation levels. The Copy to Clipboard and Paste from Clipboard functions are not available if you maintain field values that allow only the selection of fixed values. For example, this is the case in the Activity field.
It is easier to specify the programme name in the PROGRAM field because the maximum value of 40 characters is the limit for programme names in the SAP NetWeaver application server ABAP. If it is a function block or a Web application, you can obtain the programme name by using the System Trace for Permissions (transaction ST01 or transaction STAUTHTRACE). In the SPTH table, you can define access rights for paths and whether you want to perform an additional permission check on the S_PATH object.
Authorizations can also be assigned via "Shortcut for SAP systems".
Learn how to configure it to monitor the operations that are relevant to you.
Any error in the authorization system falls within the remit of a company's data protection officer.