Implementing Permissions Concept Requirements
Authorization concepts - advantages and architecture
To define table permissions in the PFCG transaction, it is not necessarily sufficient to specify the generic table display tools, such as the SE16 or SM30 transactions, in the role menu. The proposed values for these transactions are very general and only provide for the use of the S_TABU_DIS or S_TABU_CLI authorization objects. Explicit values must be entered depending on the tables that you have selected for permission. To explicitly grant access to the tables through the S_TABU_NAM authorization object, you can create a parameter transaction for each table access. For example, a parameter transaction allows you to call tables through the SE16 transaction without having to specify the table name in the selection screen because it is skipped. You can then maintain suggestion values for the parameter transaction you created.
The security policy was introduced with the SAP NetWeaver 7.31 release; for their use you need at least this release. Security policies thus replace the definition of password rules, password changes, and login restrictions via profile parameters. The security policy is assigned to the user in transaction SU01 on the Logon Data tab. Profile parameter settings remain relevant for user master records that have not been assigned a security policy. Some of the profile parameters are also not included in the security policy and therefore still need to be set system-wide. Security policy always includes all security policy attributes and their suggestion values. Of course, you can always adjust the proposed values according to your requirements. You define security policy about the SECPOL transaction. Select the attributes for which you want to maintain your own values and enter the values accordingly. The Descendable Entries button displays the attributes that are not different from the global entries.
Authorization Analysis
For each form of automated derivative of roles, you should first define an organisational matrix that maps the organisational requirements. To do this, you must provide data on each organisation in a structured form.
Secure your go-live additionally with "Shortcut for SAP systems". You can assign necessary SAP authorizations quickly and easily directly in the system.
If you want to know more about SAP authorizations, visit the website "www.sap-corner.de".
This gives you a fairly detailed description, which in principle already indicates business roles (in relation to the system).