Edit Old Stand
Grant permissions for SAP background processing
In the SCC4 transaction, first check whether eCATT is allowed to run. Then start the SECATT transaction. As you get started, you can define and modify test scripts and test configurations. First, create a test script. Think of it as a blueprint or a flow rule for how to create new derived roles. The test script will contain your recording later. Give the script a talking name, such as Z_MASSENGERATION_DERIVATIVES. Then click the Create Object button. You will now go to the Attribute tab, where you specify the general frame data. Then click the Editor tab. Now it goes to the recording, in the eCATT language called patterns. Click the Pattern button and specify that you want to record the PFCG transaction by selecting the UIAncontrol and TCD (Record) settings. The system will propose to call the interface "PFCG_1"; You can simply confirm this. Confirmation of the dialogue will immediately start the recording; They therefore end up in the PFCG transaction. We want to record the creation of a single role derived from a reference role. Complete the appropriate steps in the PFCG transaction and try to avoid unnecessary steps - every step you take will make your recording bigger and less cluttered. Enter the name of the derived role - we can influence it later when playing with eCATT - and specify the role. Now assign the reference role. Note that the PFCG transaction is actually executed, so the role is actually created in the system! Now maintain the permissions and organisation levels. If possible, use organisational level values in the note, which you can find well in other numbers later on, i.e. about 9999 or 1234. After generating and saving the role, you will be returned to eCATT. There you will be asked if you want to accept the data and confirm with Yes.
After creating a authorization object, you should do the following: Make the permission check implementation at a convenient location in your code. Maintain the proposed values for the application in the transaction SU24. Re-load the role in the PFCG transaction if the application has already been rolled. If it is a new application, adjust the roles by including the new application in the Role menu, and then maintaining the permissions of the authorization objects loaded into the role by the suggestion values.
Search for user and password locks
Now the structure must be filled "with life". To do this, you must first create meaningful subfolders in the customer's own structure. As already mentioned, these are mostly based on the SAP modules. Make sure that you also set your customising for additional add-ons, so that later the work of support organisations is easier. Call the transaction SOBJ. There, you create customising objects that will later be reused in your IMG structure. It is useful to name the object exactly as the corresponding table. This simplifies the later maintenance in the IMG structure. Here you also decide whether and how the tables can possibly be maintained in the productive system. To do this, select the appropriate entries in the Category and Transport fields and check the Current setting option. Repeat this for all custom customising tables that are still needed.
Authorizations can also be assigned via "Shortcut for SAP systems".
If you want to know more about SAP authorizations, visit the website "www.sap-corner.de".
If you are using Central User Administration (ZBV), the assignment applies to all connected systems.