Limit character set for user ID
Roles and permissions in SAP SuccessFactors often grow organically and become confusing
If an entry in transaction SE97 is correctly created, a permission check is performed in the same way as a transaction startup authorisation. This approach therefore requires an exact and complete configuration for each transaction that is invoked. The required effort and the space for errors are correspondingly large. The CALL TRANSACTION ABAP command does not cause a transaction startup permission check. Without a permission check, the ABAP programme could unintentionally allow users to access system resources. In many cases, such authorisation problems lead to a hidden compliance violation, because this means that the traceability of user actions in the SAP system is no longer guaranteed. A developer should not rely on the functionality of the SE97 transaction and therefore should include the possible permission checks in the code. Therefore, one of the following explicitly coded permission checks for the CALL TRANSACTION statement must be performed.
After successful implementation of your permission check, the new authorization object for your application must be maintained in transaction SU24. If your solution is distributed in other system landscapes, the authorisation proposals in the transaction SU22 are maintained. In addition, with the permission proposal value maintenance, you can make sure that the new authorization object is not forgotten in a role system, because it is now loaded automatically into the PFCG role when the application is called up via the role menu. In the final step, the permission administrator can create the PFCG role or must remix the existing PFCG roles.
Implementing CRM Role Concept for External Services
The second example requires additional permission checks to display certain documents in the FBL*N transactions. This can be achieved by means of the expression and activation of a function block in the BTE, the so-called processes and events. The sample function module BTE for the event 1650 can be found in the FIBF transaction in the area of Publish-&-Subscribe interfaces (Environment > Information System (P/S)). The sample function module is basically used to enrich data in the item display. To do this, he passes the complete record per document line and expects it to be enriched back. This is exactly what we are using.
However, if your Identity Management system is currently not available or the approval path is interrupted, you can still assign urgently needed authorizations with "Shortcut for SAP systems".
The website "www.sap-corner.de" offers a lot of useful information about SAP authorizations.
Application Privileges: Application Privileges are specific permissions to access applications based on the features of SAP HANA Extended Applications Services (SAP HANA XS).