Authorization concept - user administration process
Customise evaluation paths in SAP CRM for indirect role mapping
The implementation of the time-space validation checks is carried out as an additional time-space filter. For selection criteria outside the valid time period, the message "Not authorised to display data from this time period" appears. However, if the selection criteria are partially within the valid time period, the documents that are outside the time period will be filtered out by the system without the user receiving a notice. In the example shown in the above figure, users of the BP-NRW Verifier Group would be left without comment when calling the vendor list for the period 01.01.2010 to 31.12.2014. This system behaviour can be somewhat irritating.
As a result, you will get an advanced IMG structure, in our example FF Log settings, which you can access via the transaction SPRO. Finally, you could use the transaction COAT (see SAP Note 1089923) to assign additional attributes to your own tables and reports, for example. For example, this could be relevant for the tax audit and final reports or performance critical.
Create order through role-based permissions
Confidential information from your SAP system can also be sent by email. Make sure that this data is only transmitted encrypted. Your SAP system contains a lot of data, which is often confidential. This can be business-critical or personal data or even passwords. It happens again and again that such data must also be sent by e-mail. Therefore, make sure that this information is always encrypted and signed if necessary. Encryption is intended to ensure the confidentiality of the data, i.e. that only the recipient of the e-mail should be able to read it. The digital signature serves the integrity of the data; the sender of an e-mail can be verified. We present the configuration steps required for encryption and provide examples of how to encrypt the sending of initial passwords. There are two ways to encrypt and sign emails in the SAP system: via SAPconnect, via a secure third-party email proxy.
You can use the function block level permission check by setting the FUNC value in the RFC_TYPE field in the S_RFC authorization object. If you still want to allow function groups, specify the value FUGR here. Depending on the RFC_TYPE field, type the name of the function block or group in the RFC_NAME field (name of the RFC object to be protected). This extension of the test is provided by the correction in SAP Note 931251.
The possibility of assigning authorizations during the go-live can be additionally secured by using "Shortcut for SAP systems".
The website www.sap-corner.de offers many useful information about SAP basis.
Some core elements of the authorization concept to be created can be defined in advance.
So much information... how can you keep it so that you can find it again when you need it? Scribble Papers is a "note box" that makes this very easy.
Adjust the method if you want to read the email address from another source.