Apply User Management Solutions in SAP HANA
Controlling permissions for the SAP NetWeaver Business Client
Existing log files are managed using the SM18 transaction. Here you can delete the log files in all active instances. This requires the indication of a minimum age in days for deletion. The smallest possible value is three days, without taking the current day into account in the calculation.
When creating the permission concept, a naming convention is defined for PFCG roles. Every customer has his own preferences or specifications, which must be adhered to. According to our project experience, some naming conventions are particularly attractive. Naming conventions for PFCG roles can be very diverse. You will have noticed that even the roles provided by SAP do not correspond to a uniform naming convention. So there are roles whose names start with SAP_. There are also roles, such as for the SRM system, that start with the /SAPSRM/ namespace. In this tip we would like to give you some hints and criteria that you can use to help define a naming convention of PFCG roles.
Limitations of authorization tools
Excel-based tools typically do not know the release-specific suggestion values (they often work without the in-system suggestion value mechanism, because they do not use the PFCG transaction). This also means that it is not possible to upgrade rolls with standard SAP tools, such as the SU25 transaction. This also increases the dependency on the external tool, and the authorisation system is further removed from the SAP standard and the best practices recommended by SAP in role management.
Assigning a role for a limited period of time is done in seconds with "Shortcut for SAP systems" and allows you to quickly continue your go-live.
If you want to know more about SAP authorizations, visit the website "www.sap-corner.de".
We will show you what pre- and post-processing is required to avoid data inconsistencies.