SAP S/4HANA® Launch Pack for Authorizations
SAP S/4HANA: Analysis and simple adjustment of your authorizations
In order to be able to execute subsequent SAP standard reports, you need authorizations to access certain programs or reports and in the area of role maintenance. The transactions "SA38" and "SE38" for executing programs are of particular importance. They enable a far-reaching system analysis by means of certain programs for the end user. Additional rights associated with this, which can go beyond the basic rights of administrators, have to be controlled by explicit values in a dedicated manner.
Once a permission concept has been created, the implementation in the system begins. On the market, there are solutions that create PFCG rolls based on Microsoft Excel in the blink of an eye. You should, however, take a few things into account. Have you defined your roles in the form of role matrices and your organisational levels (orgés) in the form of organisational sets (orgsets)? All of this is stored in Excel documents and now you want a way to simply pour this information into PFCG rolls at the push of a button, without having to create lengthy role menus or then derive large amounts of roles, depending on how many organisational sets you have defined?
Customise evaluation paths in SAP CRM for indirect role mapping
When were which changes made to a role (PFCG)? In the PFCG, click on Utilities > View Changes in the menu at the top to view the change documents. You will see a detailed list of which user made which change to which object and when.
In principle, all eligibility fields can be upgraded to the organisational level; there are, however, technical exceptions and fields where this is not useful. Technically, the fields that are in the context of testing the startup capability of an application are excluded, i.e. the fields of the S_TCODE, S_START, S_USER_STA, S_SERVICE, S_RFC, S_PROGRAM and S_USER_VAL authorization objects. In addition, you cannot elevate the ACTVT field to the organisation level. Only the fields that can be assigned a value range within a role are meaningful. This must of course be considered across the board for the authorisation concept. For example, fields that have more than one meaning, such as the Authorisation Group (BEGRU), are not suitable for material management. The PFCG_ORGFIELD_CREATE report allows you to define a permission field as an organisation level. The report enters the field in the USORG table, changes the permission proposal values to that field, and performs all the roles that have a shape in the field.
Secure your go-live additionally with "Shortcut for SAP systems". You can assign necessary SAP authorizations quickly and easily directly in the system.
You cannot increase the retention time afterwards; Therefore, you should adjust the configuration in good time before starting a project.
You must check this assignment after installing Support Packages or upgrades and reassign the reports if necessary.