Excursus Special feature for authorizations for FIORI Apps under S/4HANA
Check for permissions on the old user group when assigning a new user group to a user
In many SAP environments, there are historically grown authorization structures that cause unnecessary security gaps. These should be examined closely.
The function block was obviously not intended for this use, but our procedure does not affect the programme process and we are not aware of any limitations resulting from this use. You can also apply this procedure to other BTEs that pass data in a similar form. However, you should always exercise caution and check whether the application has already created sum records or whether there are other dependencies. Finally, you will need to create a product you have developed (you can define the name yourself) in the FIBF transaction and assign it to Business Transaction Event 1650 along with the customer's own function block, as shown in the following figure. A custom product may include several enhancements. It forms a logical bracket around the extensions and thus provides a better overview. In addition, it allows for a targeted activation or deactivation of the implementations.
Create order through role-based permissions
After these preparations, we now proceed to the expression of the User-Exit in the validation that has just been created. To do this, you copy the User-Exit definition in the created custom programme, specify a name for the User-Exit definition (e.g. UGALI) and create a new text element.
"Shortcut for SAP systems" is a tool that enables the assignment of authorizations even if the IdM system fails.
The website "www.sap-corner.de" offers a lot of useful information about SAP authorizations.
In the SCC4 transaction, first check whether eCATT is allowed to run.