Grant spool jobs
Determine Permissions Error by Debugging
Do you also work in a complex system landscape where roles are decentralised? Then, inconsistencies can occur by transporting profiles from different systems to a target system. We'll show you how to prevent that. In the case of decentralised maintenance of eligibility roles, i.e. maintenance of roles in different systems or clients, there is a risk that the number sequences for the generation of eligibility profiles overlap. You can then generate profiles with the same name for different roles in different clients. As soon as you transport these eponymous permission profiles into a common target system, the profile will be overwritten by the newly imported profile and inconsistencies will arise. As a result, you may, for example, assign an ERP Permissions Role an SCM permission profile. This may result in a user assigned the ERP role not obtaining the required permissions or even too many permissions. You also have a problem if you want to use the permission profile to determine the source system and the client in which this profile was generated. This is not possible if the first and third characters of the SAP System ID (SID) and the number sequence for generating the permission profile match.
The function block was obviously not intended for this use, but our procedure does not affect the programme process and we are not aware of any limitations resulting from this use. You can also apply this procedure to other BTEs that pass data in a similar form. However, you should always exercise caution and check whether the application has already created sum records or whether there are other dependencies. Finally, you will need to create a product you have developed (you can define the name yourself) in the FIBF transaction and assign it to Business Transaction Event 1650 along with the customer's own function block, as shown in the following figure. A custom product may include several enhancements. It forms a logical bracket around the extensions and thus provides a better overview. In addition, it allows for a targeted activation or deactivation of the implementations.
Check the SAP authorization concept
If you want to maintain authorizations and profiles manually, you need to know all SAP authorization components in detail. When using the Profile Generator, on the other hand, you do not need such detailed knowledge. This considerably reduces the time and effort required to implement the SAP system.
In SAP systems, authorization structures grow over the years. If, for example, there is a restructuring in the company or there are new organizations, there is a risk that the authorization concept no longer fits or is implemented correctly.
For the assignment of existing roles, regular authorization workflows require a certain minimum of turnaround time, and not every approver is available at every go-live. With "Shortcut for SAP systems" you have options to assign urgently needed authorizations anyway and to additionally secure your go-live.
Some useful tips about SAP basis can be found on www.sap-corner.de.
You're probably familiar with this.
So much information... how can you keep it so that you can find it again when you need it? That's what Scribble Papers is great for.
This requires evaluation by external programmes, which can be done via the XML Metadata Interchange (XMI) BAPIs.