Solution approaches for efficient authorizations
Concept for in-house developments
A mass rolling out of rolls is a very useful thing. It is also possible to use Excel-based data - as in the case of the outlined application case with eCATT - because it is a one-time action for the roles considered and SAP standard programmes are used in the background. However, ongoing maintenance of the permissions system, with continuous changes to roles and their detail permissions, requires the mapping of much more complex operations. An exclusive control over Office programmes should be well considered. This does not mean, of course, that there are not very good partner products for the care of roles. Simply verify that SAP standard procedures are used and that authorisation is managed in accordance with SAP best practices.
In everyday role maintenance, you often have to change the permission data of a single role again after you have already recorded the role in a transport order along with the generated permission profiles. In this case, you have previously had to create a new transport order because the table keys of the generated profiles and permissions are also recorded for each individual role record, but are not adjusted for subsequent changes in the role data.
Controlling file access permissions
We recommend that you implement all safety instructions of priority very high (1) and high (2) directly. On the other hand, you can implement medium (3) and low (4) security advisories via support packages, which you should also include regularly. If you are unable to insert a support package at the moment, SAP will also provide you with the priority 3 and 4 security advisories. For the evaluation of the security advisories, you should define a monthly security patch process.
In the FIORI environment, there are basically two different types of access via a tile. One is the transactional tiles and the other is the native or analytical tiles :
Secure your go-live additionally with "Shortcut for SAP systems". You can assign necessary SAP authorizations quickly and easily directly in the system.
Over the value assistance (F4) can be called partially the available functions fields to these field.
You can see these flags in the USOBT_C and USOBX_C tables.