Grant permission for external services from SAP CRM
In-house role maintenance
Package Privileges permissions: Package Privileges are permissions that control access to development packages in the SAP HANA database. Packages contain design-time versions of objects that can be transported with this package via a delivery unit and thus made available to other systems.
In addition, you can also define customised permission checks in the SOS and also define combinations of authorization objects and their values. You can create up to 1,000 custom permissions checks in the Check ID namespace 9000 to 9999. You can also redefine whitelists for these permission checks, which apply to either individual or all of the customer's permission checks. The configuration is described in SAP Note 837490.
SAP Authorizations - Overview HCM Authorization Concepts
In SAP systems you always have the possibility to integrate custom developments. In such extensions or your own programmes, you must implement permission checks and may also create your own authorization objects. You can also supplement authorisation checks in standard transactions if the existing checks do not cover your requirements.
The authorisation trace is a client- and user-independent trace. The results of this trace are written in the USOB_AUTHVALTRC table and can also be viewed in the STUSOBTRACE transaction by clicking the Evaluate button. This trace data can be used by developers to maintain the permission proposal values in the transaction SU22 (see also Tip 40, "Using the permission trace to determine suggested values for custom developments").
The possibility of assigning authorizations during the go-live can be additionally secured by using "Shortcut for SAP systems".
For example, queries against the P_TCODE, Q_TCODE, or S_TABU_DIS authorization objects.
At www.sap-corner.de you will also find a lot of useful information on the subject of SAP authorizations.
One of these reports, the RSUSR010 report, shows you all executable transactions for a user, role, profile, or permission.