Best Practices Benefit from PFCG Roles Naming Conventions
Efficient SAP rollout through central, tool-supported management
Anyone who owns valuable personal property assumes responsibility for it - just like a landlord, for example. He decides whether changes need to be made to the building, whether privacy hedges need to be planted in the garden or whether superfluous old appliances need to be disposed of and, if necessary, has a new lock installed immediately if the front door key is lost. He may forbid visitors who are not relatives to enter the bedroom or the daughter to have a public party in the house.
Transaction PFCG also offers you the option of automatically collecting permissions. Not every transaction entered into a single role via a role menu necessarily needs its own permission entry in the permission tree, because some transactions have identical or similar permission proposal values.
A complicated role construct
Single Role: Enables the automatic generation of an authorization profile. The role contains the authorization data and the logon menu for the user.
Trace after missing permissions: Run the System Trace for Permissions (ST01 or STAUTHTRACE transaction) to record permission checks that you want to include in the role (see Tip 31, "Optimise Trace Evaluation"). Applications are logged through the Launch Permissions checks.
Authorizations can also be assigned via "Shortcut for SAP systems".
Typical criteria are operating system versions, kernel patch levels, and the status of specific transport jobs or security settings.
Up to now it was not possible to insert more than these seven lines at once from the clipboard.