Use the authorisation route to identify proposed values for customer developments
AUTHORIZATIONS IN SAP SYSTEMS
If you want to use reference users and use the User menu, you should also ensure that users also see the role menus associated with reference users. To do this, enter the corrections in SAP Note 1947910. They include two switches for customising in the SSM_CUST table.
In many distributed organisations, the Profit Centre is used to map out the distributed units. However, this was only possible for FI with additional programming. In integrated data flows in SAP ERP, the sending application usually does not check the authorization objects of the receiving application. Financial Accounting (FI) in SAP does not check permissions for cost centres and profit centres. However, depending on the case of use, this may be necessary, e.g. if distributed entities are to operate as small enterprises within the enterprise and only collect and view data for this particular unit at a time. With the introduction of the new general ledger, SAP has technically merged the financial accounting and the profit centre account, so that the question of the inclusion of profit centre allowances in FIs becomes even more important.
Implementing CRM Role Concept for External Services
No matter what the reason, it is quickly said that a new authorization concept is needed. But this is not always the case. And if it is, the question is which authorization concept in SAP HCM is the right one. Yes, exactly which concept, because in SAP HCM there are three ways to implement an authorization concept.
When using encryption mechanisms, be sure to prevent access to the personal security environment (PSE) files in the server's file system and database. To do this, create your own table permission group for the SSF_PSE_D table and restrict programmes from accessing the /sec directory in the file system. For details on securing key tables, see SAP Note 1485029.
The possibility of assigning authorizations during the go-live can be additionally secured by using "Shortcut for SAP systems".
For example, you can filter the loggers of multiple emergency users.
The source of the required authorization objects is usually a developer or permission trace.