Customise evaluation paths in SAP CRM for indirect role mapping
Understanding SAP HANA Permissions Tests
The authorization objects are attached by analogy to the forecast and item-based reports. The authorization objects of the item-based reports are checked in addition to the authorization objects for the information system when the report is selected. There is a trick in maintaining the CO-PA-specific authorization objects, because a once selected result area is set for the entire session of your login. This is of course hindering the maintenance of authorization objects for different result areas. Therefore, simply change the result area in the Customising window using the following path: Controlling > Income and market segment accounting > Structures > Set result area.
Roles can be cut so that, for example, they only have display or change permissions. Furthermore, it could be differentiated between customising, master data and movement data maintenance.
Maintain authorization objects more easily
The other fields in the SMEN_BUFFC table describe the structure of the favourites, where the OBJECT_ID field is the unique key of the favourite entry. In the PARENT_ID field, you will find the parent item's object ID, and the MENU_LEVEL field describes the level of the entry in the favourite folder structure. You can read the order in which the favourite entries are sorted from the SORT_ORDER field.
Now switch to User Care and you will find that this PFCG role is not yet assigned to your user. To do this, you must first perform the user master synchronisation. You can perform this manually via the transaction PFUD or schedule it as a job. The background job PFCG_TIME_DEPENDENCY or the report RHAUTUPD_NEW is intended for this.
Authorizations can also be assigned via "Shortcut for SAP systems".
For simplicity, we want to explain this example by using the PFCG_TIME_DEPENDENCY background job.
The handling of the emergency user should also be specified in the authorization concept, which should be documented in writing.