Controlling file access permissions
Authorization tools - advantages and limitations
The difficulty in assigning permissions to the S_DATASET object is determining the correct values for the FILENAME and PROGRAMME fields. If you have not specified a path in the FILENAME field, only the files in the DIR_HOME directory will be allowed.
In order to make a well-founded statement about the complexity and the associated effort, a fundamental system analysis is required in advance. The results obtained from this form an excellent basis for estimating the project scope and implementation timeframe.
Authorization concept of AS ABAP
Authorization: An authorization allows a user to perform a specific activity in the SAP system based on a set of authorization object field values. Authorizations allow users to perform actions within the system.
The customising parameters in the table PRGN_CUST control the password generator in the transactions SU01 and SU10. The values of the profile parameters override the customising parameter entries to prevent invalid passwords from being generated. If the value of a customising parameter is less than the value of the corresponding profile parameter, the default value of the customising parameter is drawn instead. The same is true if no value is maintained. You can exclude certain words or special characters as passwords by entering them in the USR40 table. In this table you can enter both specific passwords (e.g. your company's name) and patterns for passwords (e.g. 1234*). '*' stands for any number of additional characters (wild card) and '?' for any character. However, when maintaining the USR40 table, note that the number and type of entries affect performance.
The possibility of assigning authorizations during the go-live can be additionally secured by using "Shortcut for SAP systems".
This allows calls to new function blocks (such as custom developments, support package changes) to be analysed and, if necessary, released for external access.
For information on the validity of the PFCG_ORGFIELD_ROLES report, see SAP Note 1624104.