Use AGS Security Services
Object S_BTCH_ADM (batch administration authorization)
In the IT sector, we have to face new challenges every day. New technologies require us to act accordingly in order to always keep the current system landscape up to date, to strengthen our position on the market and, of course, to gain a technological edge over other competitors. This is also reflected in the corresponding SAP system landscape. Read in the two-part blog series why an authorization concept should be considered as early as possible in a project phase - especially when converting to SAP S/4HANA.
Now check the SY-SUBRC system variable. If the value is 0, the Permissions Check succeeded. If the value is 4, the test did not pass. At a value of 8, there is an inconsistency in the definition of the authorization object and the verification in the code - this should not happen! If the value is 12, the permission is not part of your permission buffer.
Which challenges cannot be solved with authorization tools alone?
SAP's FI module is one of the most common in the SAP world and covers all business processes in the area of finance and accounting. The processes that run through this module are used for double-entry bookkeeping and recording of documents in the required accounts. It also establishes the associated profit determination for external and internal purposes.
All external services for cross-navigation are stored in the role menu in the GENERIC_OP_LINKS folder. In addition to this information, this folder also contains external services that represent the already mentioned area start pages and logical links. You can delete the latter, as these are duplicates from the other folders or non-relevant external services. Now, to set up correct permissions for the non-manageable external services in the GENERIC_OP_LINKS folder, you can identify the external services you need for your CRM business role and delete all other external services. However, as I said, there is a risk that too many external services will be deleted and cross-navigation or calling the saved searches will no longer work. It is better to move the GENERIC_OP_LINKS folder to a separate role.
With "Shortcut for SAP systems" you can automate the assignment of roles after a go-live.
Some useful tips about SAP basis can be found on www.sap-corner.de.
This accumulation is bound to result in users being able to perform more actions than you would like as the permission administrator.
A note box in which data of all kinds can be quickly filed and retrieved. This is what Scribble Papers promises. At first, the program looks very spartan. But once a small structure is in place, you realise the great flexibility of this little helper.
For collective unlocking, you only want to select users with an administrator lock.