Best Practices Benefit from PFCG Roles Naming Conventions
Sustainably protect your data treasures with the right authorization management
If you have an older SAP NetWeaver release than 7.00 installed, only two possible values for the customising switch BNAME_RESTRICT are available after the implementation of SAP Note 1731549. The switch is NO, and you can switch it to ALL, so that the switch takes on the same functionality as in the higher releases.
If business partners are deposited to the user IDs, the standard evaluation paths lead to a dead end. Adjust it so that the indirect role mapping works anyway. In SAP CRM, you can set up an organisation management, as in SAP HCM. You can maintain organisational units and posts and assign business partners with their user IDs. In SAP CRM, however, there is the specificity that user IDs are not directly assigned to a job, but are usually indirectly assigned by the associated business partner. All persons and organisations involved in business processes are represented as business partners in SAP CRM.
Standard authorisation
The concept for in-house developments is obligatory for every company that writes its own software. It specifies requirements, for example, for the structure, naming and documentation of program components, and in particular for dealing with safety-critical aspects. The wording should not be too general, but should explicitly address the special features of programming in SAP.
If you get into the situation that authorizations are required that were not considered in the role concept, "Shortcut for SAP systems" allows you to assign the complete authorization for the respective authorization object.
The website "www.sap-corner.de" offers a lot of useful information about SAP authorizations.
The S_RFCACL authorization object is removed from the SAP_ALL profile by inserting SAP Note 1416085.