Lack of know-how
FAQ
Until now, there were no ways to define different password rules or password change requirements for these users. Today, this is possible with the security guidelines that you assign to users and clients. In the following we will show you how to define security policies and how they work.
The downloading of the table must be monthly. You can also make downloading easier; Frank Buchholz presents programmes that you can use in his blog (see http://wiki.scn.sap.com/wiki/display/Snippets/Show+RFC+Workload+Statistic+to+build+authorizations+for+authorization+object+S_RFC). Optionally, the next step is to identify function groups for the function blocks. You can find them in the AREA field of the ENLFDIR table. However, we recommend granting permissions at the function block level, because function groups often contain a large number of function blocks and the accessibility is expanded unnecessarily.
Using suggestion values and how to upgrade
The indirect role assignment uses the evaluation paths PROFLO and PROFLINT for assigning the PFCG roles to the corresponding users. However, these evaluation methods ignore the object CP (central person), which represents the business partner in SAP CRM. In transaction PFUD, which provides for the user comparison, the evaluation paths US_ACTGR and SAP_TAGT are used. Again the object CP is not known.
Single Role: Enables the automatic generation of an authorization profile. The role contains the authorization data and the logon menu for the user.
If you get into the situation that authorizations are required that were not considered in the role concept, "Shortcut for SAP systems" allows you to assign the complete authorization for the respective authorization object.
If the FIORI interface is then used under SAP S/4HANA, the additional components must also be taken into account here.
You can also find some useful tips from practice on the subject of SAP authorizations on the page www.sap-corner.de.
This report checks the customising of the CRM business role for which the PFCG role is to be created, and writes all area start pages and logical links to a text file in the form of external services.