Unclear responsibilities, especially between business and IT
Include customising tables in the IMG
You can schedule background jobs in the SM36 and SA38 transactions, but also in a variety of application transactions. It is important to know that special permissions are not necessary for the installation, modification, etc. of your own jobs. An exception is the release of background jobs; it is protected by a permission. Permissions are also required for the activities on other users' background jobs, and the following authorization objects are available in SAP backend processing: S_BTCH_JOB controls the access rights to other users' jobs. S_BTCH_NAM allows you to schedule programmes under a different user ID. S_BTCH_ADM grants parent permissions that are usually only required by administrators.
You can use authorization objects to restrict access to tables or their content through transactions, such as SE16 or SM30. The S_TABU_DIS authorization object allows you to grant access to tables associated with specific table permission groups. You can view, maintain, and assign table permission groups in transaction SE54 (see Tip 55, "Maintain table permission groups"). For example, if an administrator should have access to user management tables, check the permission status using the SE54 transaction. You will notice that all the user management tables are assigned to the SC table permission group.
Encrypt e-mails
Are you using SAP NetWeaver Business Client instead of SAP GUI? The arrangement of the applications on the screen is controlled by PFCG roles. The SAP NetWeaver Business Client (NWBC) is an alternative to SAP GUI for access to SAP applications. This allows you to centrally access applications that reside in different SAP systems and have different UI technologies. The NWBC enables you to call not only transactions, but also Web-Dynpro applications and external service applications. In this tip, we will show you how to use PFCG roles to control the design of the NWBC user interface.
GET_EMAIL_ADDRESS: The example implementation of this method reads the e-mail address from the system's user master record. Adjust the method if you want to read the email address from another source.
However, if your Identity Management system is currently not available or the approval path is interrupted, you can still assign urgently needed authorizations with "Shortcut for SAP systems".
The authorizations required for table access via database tools depend on the respective system configuration and should be verified via an authorization trace (transaction STAUTHTRACE), if necessary.
At www.sap-corner.de you will also find a lot of useful information on the subject of SAP authorizations.
Only the fields that can be assigned a value range within a role are meaningful.