Object S_BTCH_NAM and S_BTCH_NA1 (use of foreign users in Steps)
Our services in the area of SAP authorizations
The background to the mass presence of authorization objects in a PFCG role after a role menu has been created is usually the mass of generic OP links that are not actually necessary for the CRMBusiness role. The existence of proposed values from the transaction SU24 loads the proposed authorisation values associated with the respective external services into the PFCG role, which results in too many unnecessary authorization objects being placed there. By excluding the GENERIC_OP_LINKS folder, you only need to take care of the external services and their authorization objects configured in the CRM business role in your PFCG role. For a user to have all the necessary permissions, you now assign the basic role with the permissions to the generic operating links and the actual role that describes the user's desktop.
If you do not maintain the values or set them to a value other than YES, the role menus of the reference user will not be taken into account when setting up the user menu. The two switches are system-wide; It is therefore not possible to define a specific shape for the client. If you set both switches to YES, you will not be able to tell from the user menu entries whether they are from the reference user's or user's role menus. Reference users have another benefit: You can also use it to inherit the contractual user type. A user inherits the classification of the reference user if they do not have any other role or profile mappings with classification, or if they have not been classified manually.
A concept for SAP authorizations prevents system errors and DSGVO violations
Since the role menu has been adjusted, the PFCG role must now also be adjusted. To do this, go to the Permissions tab and select the Change Permissions Data button. If you are using Expert mode, make sure that the Alten Stand default is read and match with new data. Now the new suggested values for this external service are loaded. After you have maintained the PFCG role, you can generate the profile and insert it immediately.
You will also notice that many tables have the table permission group &NC& assigned to them, and therefore differentiation over table permission groups over the S_TABU_DIS authorization object would not work at all. Furthermore, you cannot assign permissions to only individual tables in a table permission group using S_TABU_DIS. In such cases, the investigation shall continue: If the permission check on the S_TABU_DIS authorization object fails, the S_TABU_NAM authorization object is checked next. Allows you to explicitly grant access to tables by using the table name.
With "Shortcut for SAP systems" you can automate the assignment of roles after a go-live.
This message is sent because the password status information of the default users is highly security relevant and you should be able to track the accesses.
In contrast to storing passwords in the form of hash values, the user ID and password are transmitted unencrypted during the login of the client to the application server.