Limit character set for user ID
Implementing Permissions Concept Requirements
If it is clear that a cleanup is necessary, the first step should be a detailed analysis of the situation and a check of the security situation. Based on these checks, a redesign of the authorizations can be tackled.
You can use the previously created organisational matrix to either mass create new role derivations (role derivation) or mass update role derivations (derived role organisational values update). For both scenarios, there are separate Web-Dynpro applications, in which you must select the corresponding reference roles.
Conclusion
Finally, the check logic provides for a row-level check within a table if you want to restrict access to the table contents depending on an organisational mapping. For example, if you want a user to view only the data from a table that affects the country where their work location is located, you must configure it accordingly. To do this, you define and activate organisation-relevant fields as an organisational criterion (see Tip 62, "Organisationally restrict table editing permissions"). To keep track of which users can access which tables, run the SUSR_TABLES_WITH_AUTH report. This report provides information about which user or single role has the S_TABU_DIS or S_TABU_NAM authorization objects. The result list shows all the authorised tables, their permissions, and their permission values.
In the IT sector, we have to face new challenges every day. New technologies require us to act accordingly in order to always keep the current system landscape up to date, to strengthen our position on the market and, of course, to gain a technological edge over other competitors. This is also reflected in the corresponding SAP system landscape. Read in the two-part blog series why an authorization concept should be considered as early as possible in a project phase - especially when converting to SAP S/4HANA.
With "Shortcut for SAP systems" you can automate the assignment of roles after a go-live.
SAP Basis refers to the administration of SAP system that includes activities like installation and configuration, load balancing, and performance of SAP applications running on Java stack and SAP ABAP. This includes the maintenance of different services related to database, operating system, application and web servers in SAP system landscape and stopping and starting the system. Here you can find some useful information about SAP Basis: www.sap-corner.de.
Finally, you could use the transaction COAT (see SAP Note 1089923) to assign additional attributes to your own tables and reports, for example.
To store all the information on the subject of SAP - and others - in a knowledge database, Scribble Papers is suitable.
If such an external service is removed from the role menu and the PFCG role is generated, the user of this PFCG role does not have permissions to view this external service (see screenshot next page).