Perform upgrade rework for Y landscapes permission proposal values
Reset passwords using self service
Users of your Web applications should have access to the applications that correspond to their particular business roles. You can use the S_START authorization object to map this request in the PFCG roles. Applications based on SAP products offer users different access methods, of which the use of SAP GUI with application-related SAP transactions is to be called "classic". In Web applications, application interfaces are represented in a Web browser. Not only transactional processes, but also the display of results from data analyses or static facts should be supported. The SAP transaction model, which controls access through the S_TCODE authorization object, does not meet these requirements.
In compliance with the minimum principle and the separation of functions, the roles used must be defined, along with specifications for their naming, structure and use. Close attention should also be paid to the application and allocation process in order to prevent authorization conflicts, which arise primarily as a result of employees' changing or expanding areas of responsibility.
Permissions with Maintenance Status Used
Roles reflect access to data depending on the legitimate organisational values. This information should be part of the naming convention, as these roles differ only in their organisational but not in their functional form.
The permissions in the NWBC are handled as well as in the normal SAP Easy Access menu. For example, you can assign transactions and Web Dynpro applications to the individual and collection roles in a defined menu structure in the Role menu. The navigation structure of the NWBC reflects the menu structure and settings of the corresponding PFCG role assigned to the user. The folder structure of the Role menu directly affects the navigation bar that is displayed to the user in the NWBC.
For the assignment of existing roles, regular authorization workflows require a certain minimum of turnaround time, and not every approver is available at every go-live. With "Shortcut for SAP systems" you have options to assign urgently needed authorizations anyway and to additionally secure your go-live.
We recommend that you run the SU24_AUTO_REPAIR correction report before executing the transaction SU25 (see tip 38, "Use the SU22 and SU24 transactions correctly").
At www.sap-corner.de you will also find a lot of useful information on the subject of SAP authorizations.
This can be achieved by means of the expression and activation of a function block in the BTE, the so-called processes and events.