SE41 Menu Painter
SAP Basis is structured as a classic three-tier model. It contains the following components: Database layer (relational database management system) / Application layer (application server and message server) / Presentation layer (graphical user interface).
The implementation of a cross-sectional function will promote and safeguard the operation of the SAP systems that form the backbone of the company. By coordinating the SAP basis with other IT departments, the optimisation is always done in the overall context of the company or the IT organisation. Eliminating the separation of SAP and non-SAP topics in areas where it is considered useful will lead to expert groups and synergy effects through centralisation.
Show table of contents
Especially in larger companies, which also have multiple locations in different countries, it is often necessary to grant different employees the same permissions for different levels of organisation, such as accounting circles. In order to make maintenance and maintenance of the system easy in such a situation, it is useful to set the inheritance principle for SAP permissions. How does SAP Permissions Inheritance work? An inheritance is always about a master object passing certain properties to a derived (sub) object. Therefore, these properties do not need to be maintained several times. Also, changes to the master object are passed directly to the derived objects. This allows easier maintenance and drastically minimises the error rate. In the case of SAP Permission Inheritance, the required permissions are bundled in a Upper or Master role. Only the organisational levels have to be maintained in the roles derived from them. The permissions are automatically pulled from the master role. Create Inheritance for SAP Permissions The following shows how to create and use inheritances for SAP permissions. This requires only two steps: Creating a master role and defining derived roles. Step 1: Create a master role Inheritance always requires a parent role, because all properties are inherited from it. If this role, in which all shared permissions are bundled, is missing, the first step is to create this master role. To do this, open the PFCG transaction and enter the desired name of the master role in the Name field. It is possible to identify master and derived roles by using naming conventions. The "Single Role" button will then be used to create the desired role. In the following example I create the master role "findepartment_r".
From a purely technical point of view, each generated authorization role contains a profile from which a user receives the actual authorization objects and authorization characteristics. If this profile is outdated or not assigned at all, the user will not have all the authorization objects contained in the authorization role. Incidentally, the problem arises particularly frequently after role transports: If an authorization role is changed in the development system and then transported to the production system, the current profile is not automatically assigned to the users with the respective role. A user comparison must therefore be performed here.
Use "Shortcut for SAP Systems" to accomplish many tasks in the SAP basis more easily and quickly.
After that, the queue is recalculated.
On the other hand, data that is newly entered in the presentation layer is passed on to the database layer and stored there.