Map roles through organisational management
You have now successfully recorded the blueprint. Now the slightly trickier part follows: The identification of the values to be changed at mass execution. In the editor of your test configuration, at the bottom of the text box, is the record you have created: TCD ( PFCG , PFCG_1 ). Double-click the PFCG_1 interface. On the right, a new detail with the recording details appears. Now you have to look for your input a bit. For example, use the role name entered on the PFCG entry screen (field name 'AGR_NAME_NEW'). Now comes an important step: Replace the values you entered during the recording with a placeholder, a so-called input parameter. To do this, go to the VALIN line and type any parameter name, such as ROLLENNAME, instead of the role name you entered. Click Enter and you will be asked what type of parameter it is. Specify Import and confirm with Yes.
If the security advice change affects normal programme flow, you should schedule application tests. If only exceptional treatments are adjusted, you can omit or severely limit the test.
Understanding SAP HANA Permissions Tests
Custom programmes should be protected with permissions, just like standard applications. What rules should you follow? Introductory projects usually produce a large number of customised programmes without being subjected to a permission check when they are executed. For your programmes, you should create custom permissions checks by default and manage them accordingly.
Entry into role maintenance requires the transport permission (S_USER_AGR, ACTVT = 02) in addition to the modification permission (S_USER_AGR, ACTVT = 21). If role recording requires creating new transport jobs or tasks, you need permissions to the transport objects (e.g. S_TRANSPRT with TTYPE = CUST or TASK and ACTVT = 02).
Assigning a role for a limited period of time is done in seconds with "Shortcut for SAP systems" and allows you to quickly continue your go-live.
For a representative period, a minimum of 14 months and a maximum of 24 months shall be sufficient.
The survey programme (transaction USMM), the results of which you transmit to SAP, serves this purpose.