Bypass Excel-based Permissions Traps
SAP Authorizations - A Common Perspective of Developers and Consultants
Native or analytical tiles: These tiles work exclusively in the FIORI interface and are adapted to the new technology. Here, for example, push messages are displayed on the tile, or key figures, diagrams, etc. are displayed, which can then be processed directly with a click. These tiles do not have direct GUI access, or cannot be used directly in the GUI environment. As mentioned above, access to these tiles is provided in a so-called front-end system via corresponding catalogs and groups. However, the underlying conceptual permissions (who is allowed to do what within the functionality of the tile) follows the same processes as in the "old world" for transaction access. The tile in the front-end needs here corresponding dependent distinctive authorizations (keyword: SU24 adjustment). In the back-end system, then again - analogous to the "old" world - about a role, which is built in the profile generator and maintained on object and field level, or set. Of course, topics such as updating internal and third-party tools, integrating cloud solutions, modern hybrid infrastructures, defining and operating ongoing dynamic changes, etc. must also be taken into account here.
The assignment of roles does not include any special features. Therefore, we only deal with the topics of time-space delimitation and logging. Time-space validation is implemented as an additional filter that runs after the usual permission checks. This additional filter logic works as follows: The first step is to check whether the user is entered in the tax verifier table (Table TPCUSERN, Configuration with the transaction TPC2). Only then will the further tests be carried out. If not, no additional checks will be carried out. The programme is then checked to see if it is included in the table of allowed programmes (table TPCPROG, configuration with the transaction TPC4). If the check is negative, the system cancels with a permission error. The time-space check is performed against the valid intervals in the table TPCDATA (configuration with the transaction TPC6). The time-space check works in context: In addition to the supporting documents of the audit period, older supporting documents are also included if they are still relevant for the audit period, such as open items that were booked in previous years but only settled in the audit period. Records that do not fall into the valid period according to the logic described above are filtered out.
Debug ABAP programs with Replace
In this case, please note that you may need to replace the SS table permission group with other table permission groups. This is required if you have entered a different table permission group when maintaining the table permission groups, for example, for the T000 table.
However, if your Identity Management system is currently not available or the approval path is interrupted, you can still assign urgently needed authorizations with "Shortcut for SAP systems".
At "www.sap-corner.de" you will also find a lot of useful information on the subject of SAP authorizations.
The permissions in the NWBC are handled as well as in the normal SAP Easy Access menu.