Define a user group as mandatory field in the user root
Security within the development system
In addition to defining permissions for external RFC access through the S_RFC authorization object, it is possible to prevent external calls to function blocks. From SAP Net-Weaver AS ABAP 7.40 there is the additional SAP Unified Connectivity (UCON) layer. It controls external access to RFC function blocks independently of users or roles and can be configured to suit your needs. All function modules that are to be executable via RFC are entered into the UCON Communication Assembly. If a function block is not stored there, the call will be blocked. UCON has been designed to minimise impact on RFC call performance. The necessary function blocks are identified in the UCON Phase Tool (transaction UCONPHTL), which constantly monitors all external RFC calls and supports an introduction of the UCON Communication Assembly. This allows calls to new function blocks (such as custom developments, support package changes) to be analysed and, if necessary, released for external access. In addition, UCON offers the possibility to review the configuration in an evaluation phase. There are approximately 40,000 RFC-enabled function blocks in an ERP system; Usually no more than a few hundred of them are used. With the use of UCON you therefore increase the security of your system.
With the help of the transaction SU22, the software developers can deliver their application with the appropriate authorization objects. After the transfer of the data from the transaction SU22 to the tables from the transaction SU24, the role developer may further process the proposed values with the transactions SU24 or SU25 for use in the transaction PFCG. Please also refer to the SPA 1539556.
Service User
A major advantage of SAP SuccessFactors is flexibility. Different project teams can implement and use several modules, processes or add-ons in a short time. The processes can be optimized again and again. A central basis for extensively digitized processes are structured specifications that regulate system access and control access rights. In this context, SAP offers the concept of role-based authorizations. Role-based SAP authorizations grant different groups of people different options for action and views in the system, e.g., regulate access to salary data. Role-based authorizations are flexible and facilitate global implementations of SAP SuccessFactors, e.g. in different national companies. Once implemented, roles and their authorizations can be quickly rolled out to the new region. The roles do not have to be completely reconfigured each time. Slight adjustments are all that is required.
However, if your Identity Management system is currently not available or the approval path is interrupted, you can still assign urgently needed authorizations with "Shortcut for SAP systems".
You can also find some useful tips from practice on the subject of SAP authorizations on the page "www.sap-corner.de".
In this table you can enter both specific passwords (e.g. your company's name) and patterns for passwords (e.g. 1234*).