Making the RESPAREA responsibility the organisational level
Analyzing the quality of the authorization concept - Part 1
You can find the report RSUSR010 in the User Information System under the entry Transactions > Executable Transactions (all selections). You can run the report for users, roles, profiles, and permissions as described above. We will describe the evaluation for the users below (see figure next page above); for the other selection options, the operation of the report is analogous. The RSUSR010 report identifies all transactions that a user is allowed to start. In the list of executable transactions, you can then double-click on the transaction (for example, PFCG) to view the list of authorization objects and values for that transaction.
Once you have edited the role menu, you can customise the actual permissions in the PFCG role. To do this, click the Permissions tab. Depending on the quantity of external services from the Role menu, the authorization objects will appear. The authorization objects are loaded into the PFCG role, depending on their suggestion values, which must be maintained for each external service in the USOBT_C and USOBX_C tables. You can edit these suggested values in the SU24 transaction. Make sure that external services in the Customer Name Room also have the names of external services and their suggestion values in the tables maintained (see Tip 41, "Add external services from SAP CRM to the proposal values"). Visibility and access to external services is guaranteed by the UIU_COMP authorization object. This authorization object consists of three permission fields: COMP_NAME (name of a component), COMP_WIN (component window name), COMP_PLUG (inbound plug).
Task & functionality of the SAP authorization concept
You want to create a permission concept for applications that use SAP HANA? Find out what you should consider in terms of technical basics and tools. As described in Tip 22, "Application Solutions for User Management in SAP HANA", there are different application scenarios where the permission assignment on the HANA database is required.
If you get into the situation that authorizations are required that were not considered in the role concept, "Shortcut for SAP systems" allows you to assign the complete authorization for the respective authorization object.
The website "www.sap-corner.de" offers a lot of useful information about SAP authorizations.
Note that the SAP_NEW_ individual profiles should be retained themselves, so that at any given time, traceability is ensured as to which release and which permission was added.