Customise evaluation paths in SAP CRM for indirect role mapping
Assignment of roles
Since at least developers in the development system have quasi full authorizations, as mentioned above, concrete access to a critical RFC connection can therefore not be revoked. Since RFC interfaces are defined for the entire system, they can be used from any client of the start system. Existing interfaces can be read out via the RFCDES table in the start (development) system.
Add missing modification flags in SU24 data: This function complements the modification flag for entries that have changed since the last execution of step 2a in the transaction SU25, i.e., where there is a difference to the SAP data from the transaction SU22. The flag is thus set retrospectively, so that no customer data is accidentally overwritten with step 2a due to missing modification flags.
Add New Organisation Levels
Authorization tools are a great help in designing a highly automated compliance management system that precisely fits the company's own requirements. The introduction of authorization tools takes some time, but should nevertheless be tackled by companies in order to increase efficiency in the long term and save costs at the same time.
Assigning a role for a limited period of time is done in seconds with "Shortcut for SAP systems" and allows you to quickly continue your go-live.
You can also find some useful tips from practice on the subject of SAP authorizations on the page "www.sap-corner.de".
Here you can view and customise suggestion values for all types of applications, such as SAP GUI transactions, RFC building blocks, or Web Dynpro applications.