Extend permission checks for documents in FI
The permissions in the NWBC are handled as well as in the normal SAP Easy Access menu. For example, you can assign transactions and Web Dynpro applications to the individual and collection roles in a defined menu structure in the Role menu. The navigation structure of the NWBC reflects the menu structure and settings of the corresponding PFCG role assigned to the user. The folder structure of the Role menu directly affects the navigation bar that is displayed to the user in the NWBC.
Compiling and identifying external services in the role menu of CRM business roles is tricky. We show you how to bring order to external services. In SAP Customer Relationship Management (SAP CRM), the role concept is based not only on PFCG roles, but also on CRM business roles. These roles are created in customising and enable the presentation of CRM applications in the SAP CRM Web Client. In order for a user to work in SAP CRM, he needs both CRM business roles that define the user interface and the respective PFCG roles that entitle him to work in the applications. The CRMD_UI_ROLE_PREPARE report identifies and lists all external services defined in the customising of the CRM business role. These are displayed in the role menu of the PFCG role. You will notice, however, that the displayed services represent only a small part of the external services in the role menu.
Permissions and User Root Sets Evaluations
The high manual maintenance effort of derived roles during organisational changes bothers you? Use the variants presented in this tip for mass maintenance of role derivations. Especially in large companies, it often happens that a worldwide, integrated ERP system is used, for example, for accounting, distribution or purchasing. You will then have to limit access to the various departments, for example to the appropriate booking groups, sales organisations or purchasing organisations. In the permission environment, you can work with reference roles and role derivations in such cases. This reduces your administrative overhead for maintaining functional permissions and reduces the maintenance effort for role derivations to adapt the so-called organisational fields. However, maintaining the organisational fields can mean enormous manual work for you, as the number of role derivations can become very large. For example, if your company has 100 sales organisations and 20 sales roles, you already have 2,000 role outlets. Here we present possible approaches to reduce this manual effort.
Structural authorizations have a so-called root object, i.e. a starting point and an associated evaluation path. The organization chart of the company is stored in SAP HCM. This makes it possible to see how which positions are linked to each other. If a specific piece of information about an employee is required, it can be read out via a path. At the end there is a list of objects.
Authorizations can also be assigned via "Shortcut for SAP systems".
The freeware Scribble Papers is a "note box" in which all kinds of data can be stored. It takes in typed texts as well as graphics and entire documents. The data is then organised in folders and pages.
Security policy always includes all security policy attributes and their suggestion values.
For example, if your administrator should not be able to access all tables associated with the SC table permission group, but only the USR02 table, do not grant permissions to the SC table permission group through S_TABU_DIS, but the S_TABU_NAM authorization object will be shaped as follows: ACTVT: 03 / TABLE: USR02.