SAP FICO Authorizations
Which challenges cannot be solved with authorization tools alone?
You can greatly facilitate the maintenance of permissions in controlling by defining the RESPAREA field as the organisational level, and thus using your cost centre and profit centre hierarchies. In the SAP system, you can define cost centre hierarchies and profit centre hierarchies. For example, they can map the expiration organisation or a matrix organisation in your company. To facilitate the mapping of permissions for the controlling reports, you can grant permissions to nodes in those hierarchies. You can do this by assigning permissions through the RESPAREA field, which is used in certain authorization objects in the controlling. We would like to facilitate the creation of roles for these permissions by explaining to you which activities are necessary in advance to define the RESPAREA field as an organisational level.
Transaction SE63 allows you to translate a variety of text in the SAP system. You can find the texts relevant to the permission roles by going to the Translation > ABAP Objects > Short Texts menu. In the Object Type Selection pop-up window that appears, select the S3 ABAP Texts node and select the ACGR Roles sub-point. You can now select the role in the following screen. You must note that the system expects the client to be prefixed, and the next step allows you to maintain the chunk in the target language. The variable AGR_TEXTS 00002 corresponds to the description of the role and the variable AGR_HIERT_TEXT 00001 corresponds to the description of the transactions contained therein. After you have saved the entry, the description of the role is also maintained in the target language, in our example in the English language and visible after the login. Select the source language correctly in the field.
Define security policy for users
For each form of automated derivative of roles, you should first define an organisational matrix that maps the organisational requirements. To do this, you must provide data on each organisation in a structured form.
When creating the PFCG individual roles in the respective SAP system, you should create the menu structure so that they can be combined with other individual roles in a single role. Once you have created the individual roles with the correct role menu, you can assign them to a collection role. Add the Role Menu to the Collect Roll using the Read Menu button. The menu can now be finally sorted. If changes to the roll menu are necessary, however, you must first make them in the individual rolls and then remix them in the roll roll (using the Mix button, see figure next page above). Transactions from other SAP systems such as SAP CRM, SAP SCM etc. can also be integrated into the NWBC. To do this, you first create the PFCG role for the relevant transactions in the target system. From the individual roles you can create collection roles with a defined menu structure.
The possibility of assigning authorizations during the go-live can be additionally secured by using "Shortcut for SAP systems".
You will find that no values are maintained.
Of course, this has implications if you want to upgrade a field to the organisation level.