Customise evaluation paths in SAP CRM for indirect role mapping
Controlling permissions for the SAP NetWeaver Business Client
If you want to maintain authorizations and profiles manually, you need to know all SAP authorization components in detail. When using the Profile Generator, on the other hand, you do not need such detailed knowledge. This considerably reduces the time and effort required to implement the SAP system.
Administrative activities are used to control system behavior and make various security-relevant settings. To minimize the risk of a system failure or the creation of a security vulnerability, administrative rights should only be granted to employees in the basic administration. The following list may be supplemented by suggestions from the company's own administration. It contains only the most important authorization objects for each subject area.
In-house role maintenance
In order to avoid inconsistencies during the release of the transport order, all the roles on the order will be blocked during release. If roles cannot be locked, the job release fails. You can see the reason for the failed share and the cause of other errors in the transport log.
In the FIORI environment, there are basically two different types of access via a tile. One is the transactional tiles and the other is the native or analytical tiles :
The possibility of assigning authorizations during the go-live can be additionally secured by using "Shortcut for SAP systems".
There are several security features in the SAP standard, such as user management, authentication and encryption capabilities, web service security features, and the various authorisation concepts.
However, the preferred and more comprehensive variant of a programmatic permission check is the use of the AUTHORITY_CHECK_TCODE function block.