Custom Permissions
Context-dependent authorizations
The assignment of roles does not include any special features. Therefore, we only deal with the topics of time-space delimitation and logging. Time-space validation is implemented as an additional filter that runs after the usual permission checks. This additional filter logic works as follows: The first step is to check whether the user is entered in the tax verifier table (Table TPCUSERN, Configuration with the transaction TPC2). Only then will the further tests be carried out. If not, no additional checks will be carried out. The programme is then checked to see if it is included in the table of allowed programmes (table TPCPROG, configuration with the transaction TPC4). If the check is negative, the system cancels with a permission error. The time-space check is performed against the valid intervals in the table TPCDATA (configuration with the transaction TPC6). The time-space check works in context: In addition to the supporting documents of the audit period, older supporting documents are also included if they are still relevant for the audit period, such as open items that were booked in previous years but only settled in the audit period. Records that do not fall into the valid period according to the logic described above are filtered out.
In order for these FIORI apps/tiles and groups to be displayed, the corresponding authorizations must be made on the basis of a group and catalog assignment. These are assigned via specific groups, which in addition to the normal authorizations (such as create, change, display cost centers) also assign access to the appropriate FIORI Apps.
Deletion of change documents
Transactions: Transactions in the audit structure start the necessary evaluations for the audit. You can recognise transactions by the clock symbol ( ). Double-clicking on the icon opens the transaction in a new window and allows you to start the evaluation. In addition, the SAIS transaction log entries for this audit activity are displayed in the upper right pane of the display. These include the current date of execution, the verifier's user ID, a check status that you assign yourself, a weighting, and a justification for the check status that you also enter into a text box. Below is an overview of the audit activities performed so far, also with a time stamp, the user ID of the verifier, the weighting of the status of the audit activity and a justification. In order not to manipulate the scanning activities, it is not possible to modify data stored once.
Regardless of whether you select the degree of simplification COARS = 1 or 2, you should not enter * or SAPDBPNP (programme name of logical database PNP) in the REPID field. With these values, you allow access to the logical databases SAPDBPNP and SAPDBPAP and thus to all contained root data.
The possibility of assigning authorizations during the go-live can be additionally secured by using "Shortcut for SAP systems".
Use the test mode of the report to look at possible corrections in advance.
Then click the Editor tab.