Introduction & Best Practices
SAP license optimization
In these cases, the total permissions from the RFC_SYSID, RFC_CLIENT, and RFC_USER fields will not be applied. However, you will always see a system message. These constraints cannot be changed by the settings of the customising switch ADD_S_RFCACL in the table PRGN_CUST.
As in other systems, user maintenance and role/profile assignment must be restricted to the group of user administrators. In contrast to the previous systems, however, roles and profiles are maintained here, so that appropriate rights must be assigned to the role/profile administrators.
Dissatisfaction and unclear needs in the process
Our example role MODELING makes it clear that it is possible to assign different types of privilege to a role. The SAP HANA Studio shows you in the administration interface which user (the so-called grantor) has assigned the respective privilege to this role (granted). By filtering and sorting, you can optimise the appearance of the role content. Depending on the type of privilege, you will be presented with the appropriate details by selecting an entry.
Alternatively, you can maintain this information from the SE93 transaction by selecting a transaction first. You will then be presented with the list of all transactions that can be called from this transaction by using the Tools > Called Transaction Permission menu path. The implementation of SAP Note 1870622 provides a feature enhancement for the SE97 transaction. Among other things, there is the new button Modification Synchronisation. So far, changes in the SE97 transaction have been overwritten by inserting support packages or upgrades. With the modification comparison it is now possible to match your changes with the default values.
During go-live, the assignment of necessary authorizations is particularly time-critical. The "Shortcut for SAP systems" application provides functions for this purpose, so that the go-live does not get bogged down because of missing authorizations.
Protect your system from unauthorised calls to RFC function blocks from the S_RFC authorization object by obtaining the necessary permissions using the statistical usage data.
You can also find some useful tips from practice on the subject of SAP authorizations on the page www.sap-corner.de.
System trace - Transaction: ST01 or STAUTHTRACE - There is also a system trace for an evaluation.