System Users
Translating texts into permission roles
Furthermore, automation is possible with the help of a customer-specific ABAP programme. To do this, you should take a closer look at the AGR_TEXTS table. The table contains the different text blocks in different languages. Here we show you a section of the table with our example role Z_SE63. Short texts are assigned a value of 00000 in the column LINE, and long texts are assigned a value of 00001 to 0000x. The language keys are displayed in the SPRAS column. An ABAP programme now allows you to write the counterparts for the text fields in the target language into the fields in the tables.
You can automate the translation of the texts by using the LSMW transaction. This transaction is intended for migration tasks, but is also very well suited to allow a particular transaction to be repeated and automated. You record the execution of a transaction and get the variables of the text blocks (technical role name, role description, etc.). You can add values from an import file based on Microsoft Excel to each flow loop. For example, the Excel file contains a table with the columns Technical role name, description German, description English. The LSMW script works through the import file line by line and thus role by role.
SAP FICO Authorizations
SAPconnect uses the S/MIME (Secure/Multipurpose Internet Mail Extensions) standard for signing when sending emails or for verifying and decrypting received emails. S/MIME is supported by most email clients and requires X.509-based certificates.
For an authorization concept, a clear goal must first be defined that is to be achieved with the help of the concept. This should list which regulatory requirements the respective SAP system must fulfill and the associated authorization concept must take into account. In this way, the legal framework conditions are defined. In addition, uniform naming conventions should be used because, on the one hand, many things cannot be changed after the initial naming and, on the other hand, this ensures searchability in the SAP system. Clearly defined responsibilities ensure the effectiveness of a concept. Specific persons must be named or at least roles defined in a separate section. A chapter should be dedicated to the process for user management. Here, it must be described how users obtain existing SAP authorizations, how new users are integrated into the SAP system, and who is responsible for approving authorizations. The chapter on the process for authorization management defines who is allowed to create and edit which roles and who is responsible for the development of various related processes. The chapter on special authorizations describes processes and special features in the area of non-dialog operations. These include job management and interface convention. Other administrative authorizations can also be described. The chapter on role concept explains how business requirements are transferred to a technical role. The role concept takes on a special significance, since it describes the actual mapping of business roles to the technical roles and thus to the authorizations in SAP.
With "Shortcut for SAP systems" you can automate the assignment of roles after a go-live.
We show you how to create customising permissions for individual projects or project views, thereby limiting access.
Depending on the authorisation tracking procedure, the SAP_NEW permission can be assigned to any user in a development and quality assurance system immediately after the technical system upgrade.