Authorization objects of the PFCG role
Retain the values of the permission trace to the role menu
The default authorization roles of the new SAP system for consolidation and planning, SAP Group Reporting, are shown in the following graphic. It does not matter whether the system is accessed via the browser (Fiori Launchpad) or via local access (SAP GUI). The authorization roles shown in the graphic merely indicate the technical specifications preset by SAP. However, these can be used as a starting point and adapted accordingly after a copy has been created.
The SAP standard allows you to evaluate the statistical usage data via a standard function block. The call is made through the transaction SE37. Select here the function block SWNC_GET_WORKLOAD_STATISTIC. The function block is used to write the usage statistics to a temporary table, from which you can extract the data for further use.
In the transaction, select SU10 by login data of users
Most client programmes are additions to the standard functionalities or variations of the same. Therefore, when you create your own programmes, you can follow the eligibility checks of the standard programmes or reuse the permissions checks used there.
With "SIVIS as a Service" we present you the best solution for central user and authorization management in SAP. This replaces and protects you from the development end of your central user administration (SAP ZBV). SIVIS offers over 20 functions that you can flexibly combine (SaaS model), e.g. over 1,000 role templates for S/4HANA! This means that a new authorization concept can be quickly implemented! The encrypted connection to your SAP systems enables secure distribution of all changes made in the SAP standard.
With "Shortcut for SAP systems" you can automate the assignment of roles after a go-live.
In the first part on this topic, the focus was on the relevant processes and documentation.
If you want to know more about SAP authorizations, visit the website www.sap-corner.de.
Without a permission check, the ABAP programme could unintentionally allow users to access system resources.