Maintaining Authorization Objects (Transaction SU21)
Handle the default users and their initial passwords
If the FIORI interface is then used under SAP S/4HANA, the additional components must also be taken into account here. Authorizations are no longer made available to the user via "transaction entries" in the menu of a role. Instead, catalogs and groups are now used here. These are stored similar to the "transaction entries" in the menu of a role and assigned to the user. However, these catalogs must first be filled with corresponding tiles in the so-called "Launchpad Designer". It is important to ensure that all relevant components (tile component and target assignment component(s)) are always stored in the catalog. The FIORI catalog is used to provide a user with technical access to a tile. A corresponding FIORI group is used to make these tiles visually available to the user for access in the Launchpad.
You can schedule background jobs in the SM36 and SA38 transactions, but also in a variety of application transactions. It is important to know that special permissions are not necessary for the installation, modification, etc. of your own jobs. An exception is the release of background jobs; it is protected by a permission. Permissions are also required for the activities on other users' background jobs, and the following authorization objects are available in SAP backend processing: S_BTCH_JOB controls the access rights to other users' jobs. S_BTCH_NAM allows you to schedule programmes under a different user ID. S_BTCH_ADM grants parent permissions that are usually only required by administrators.
Maintain transaction start permissions on call CALL TRANSACTION
Are you using SAP NetWeaver Business Client instead of SAP GUI? The arrangement of the applications on the screen is controlled by PFCG roles. The SAP NetWeaver Business Client (NWBC) is an alternative to SAP GUI for access to SAP applications. This allows you to centrally access applications that reside in different SAP systems and have different UI technologies. The NWBC enables you to call not only transactions, but also Web-Dynpro applications and external service applications. In this tip, we will show you how to use PFCG roles to control the design of the NWBC user interface.
In the area of group consolidation, an authorization concept ensures that no data can be deliberately manipulated, for example to change balance sheets. This can prevent significant financial or reputational damage to banks and stakeholders. Furthermore, access to financial data of subdivisions of a group, such as individual business units or companies, must be restricted to those employees who are allowed to access it because their current activities require it. As a result, a controller of a business unit, for example, can only view the consolidated figures of his business unit, but not the figures of the entire group. Further authorization roles are required, for example, for external auditors. These auditors check all the figures for the entire group, but may only have read access to this data.
"Shortcut for SAP systems" is a tool that enables the assignment of authorizations even if the IdM system fails.
The former checks whether authorization checks are present in the source code at all.
Here eCATT can make your life easier.