Calling RFC function modules
SAP Authorizations - Overview HCM Authorization Concepts
If transactions are changed in the role menu of a single role, this option is automatically suggested to the operator. In this option, the profile generator will match the pre-existing permissions data with the SU24 transaction permission proposals from the role menu. If new permissions are added to the permission tree during this comparison, they will be marked with the Update status New. Permissions that existed before the match are assigned the Alt update status.
SAP authorizations control the access options of users in an SAP system, for example to personal data. Managing this access securely is essential for every company. This makes authorization concepts, authorization tools and automated protection of the SAP system all the more important.
SIVIS as a Service
Once you have archived the change documents from the User and Permission Management, you can use a logical index for change document properties to significantly improve performance. First, however, you must ensure that SAP Notes 1648187 and 1704771 are installed in your systems. These notes provide the SUIM_CTRL_CHG_IDX report, which adds key characteristics for change document characteristics of the PFCG and IDENTITY object classes to the SUIM_CHG_IDX table when you have marked the Indices key change documents field. All change documents are indexed (this can lead to a very long run time when the report is first run). Later, the newly added change documents are indexed regularly (e.g. weekly or monthly). To do this, specify the target date in the selection of the report and schedule it as a regular job. Note that you can only create the index until the previous day - otherwise inconsistencies may occur.
If you do not want to use reference users, you can hide the Reference User field for additional permissions via a standard variant for the transaction SU01. The necessary steps are described in SAP Note 330067.
If you get into the situation that authorizations are required that were not considered in the role concept, "Shortcut for SAP systems" allows you to assign the complete authorization for the respective authorization object.
In addition, you can also define customised permission checks in the SOS and also define combinations of authorization objects and their values.
If the role should only allow access to certain external services, regardless of the customising (or only to the external services specified in the customising), it becomes a little trickier.