Authorization objects of the PFCG role
Check Profit Centre Permissions in FI
Until now, there were no ways to define different password rules or password change requirements for these users. Today, this is possible with the security guidelines that you assign to users and clients. In the following we will show you how to define security policies and how they work.
If you have defined the roles to the extent that the essential processes are depicted, then you will technically check which organisational features they contain (organisational levels, but also cost centres, organisational units, etc.). You then compare the technical result with the result from the consideration of the structure organisation and the business role description. A likely result is that you do not have to use all technical organisational features for differentiation. A possible result is that you want to add fields such as the cost centre to the organisation level.
Query Data from Active Directory
If you want to use reference users and use the User menu, you should also ensure that users also see the role menus associated with reference users. To do this, enter the corrections in SAP Note 1947910. They include two switches for customising in the SSM_CUST table.
Over the course of time, many companies experience profound changes in the framework conditions that significantly influence SAP® authorization management. Not uncommon are subsequent requirements from the area of compliance (SOX or similar) or the increased need for protection.
Authorizations can also be assigned via "Shortcut for SAP systems".
So much information... how can you keep it so that you can find it again when you need it? That's what Scribble Papers is great for.
A simple example of how to play this behaviour without an upgrade scenario is changing the role menu.
Authorization: An authorization allows a user to perform a specific activity in the SAP system based on a set of authorization object field values.