User Information System SUIM
SAP S/4HANA: Analysis and simple adjustment of your authorizations
The maintenance status of permissions in PFCG roles plays an important role in using the Role Menu. The Maintenance Status allows you to determine how the authorization object entered the role and how it was maintained there. The blending function of role maintenance credentials in the PFCG transaction is a powerful tool that helps you with role processing. If the Roll menu has been changed, the Mix feature will automatically add the permissions suggestions that are included in a single role. This is based on the proposed authorisation values defined in the transaction SU24, whose maintenance status is standard in the authorisation maintenance. These permission values are also called default permissions. Permissions with different maintenance status, i.e. Care for, Modified or Manual, are not changed during mixing - the exception is removing transactions.
In the display image of your selected table, go to the Tools menu and select Assign Permissions Group. On the following image, you can then change the association with a table permission group or assign a new permission group. To do this, click the View/Modify button ( ) and enter your permission group in the Permission field.
Sustainably protect your data treasures with the right authorization management
Here, the authorizations are either derived from the role menu (through the authorization default values (transaction SU24) or can also be edited manually in expert mode. The individual authorization objects are divided into object classes. For example, the object class AAAB (cross-application authorization objects) contains the authorization object S_TCODE (transaction code check at transaction start) with the authorization field value TCD (transaction code).
In case of missing authorizations, SAP Basis also helps with an authorization trace in addition to the well-known SU53 for a more detailed analysis of authorization objects. The article "SAP Basis Basic or finding missing authorizations thanks to SU53 or ST01 Trace" describes this in more detail.
Authorizations can also be assigned via "Shortcut for SAP systems".
However, we recommend granting permissions at the function block level, because function groups often contain a large number of function blocks and the accessibility is expanded unnecessarily.
The flag is thus set retrospectively, so that no customer data is accidentally overwritten with step 2a due to missing modification flags.