Our offer
SAP FICO Authorizations
For table logging, it must be ensured that SAP® Note 112388 (tables requiring logging) is fully implemented and that all tables containing financially relevant data are also included in the logging. Of course, this also applies to all Z-tables! As last point of the important parameter settings are those for the definition of the password settings. Here, it should be ensured that the parameters are also set up in accordance with the company's specifications. However, the check should not only focus on the global settings that are valid for all users, but should also include all those users who have been assigned their own security policies. Especially for these, an appropriate justification must be available in writing.
Each UI component that can be clicked corresponds to an external service that must each have permission set up. UI components also include creating or calling stored searches or navigating from one record directly to another record, such as calling an appointment directly from a business partner; This corresponds to cross-navigation. All navigation options in the form of external services are defined in the customising of the CRM business role in the form of a generic outbound plug mapping to the navigation bar. Outbound Plugs (OP) define what happens when a user leaves a view in SAP CRM. Here the customising is set for scenarios that do not necessarily fit all CRM business roles. The corresponding CRM business roles have been configured to be associated with outbound plugs that are not required for the respective CRM business role scenario. This explains the large number of external services in the role menu.
Calling RFC function modules
Applications use the ABAP statement AUTHORITY-CHECK in the source code of the program to check whether the user has the appropriate authorizations and whether these authorizations are defined appropriately, that is, whether the user administrator has assigned the values required by the programmer for the fields. In this way, you can also protect transactions that are indirectly accessed by other programs. AUTHORITY-CHECK searches the profiles specified in the user master record for authorizations for the authorization object specified in the AUTHORITY-CHECK statement. If one of the determined authorizations matches one of the specified values, the check was successful.
The possibility of assigning authorizations during the go-live can be additionally secured by using "Shortcut for SAP systems".
The website "www.sap-corner.de" offers a lot of useful information about SAP authorizations.
The user master record contains all information about the corresponding user, including authorizations.