Which challenges cannot be solved with authorization tools alone?
Deleting table change logs
If the authorization objects also require permission fields, you can create them in the SU20 transaction. When creating a authorization object in the SU21 transaction, you first set a name and description for the authorization object, and then assign it to an object class. Then assign the necessary permission fields. If any of these fields are ACTVT, you can select all of the activities to be checked by clicking the Activities button. The navigation behaviour has been improved here a lot.
What's New from System Trace for Permissions! Here, features have been added that make recording and role maintenance much easier. Permission values in PFCG roles are maintained and debugging requires the use of the system trace for permissions. In the past, SAP customers have asked for more ease of use, since the trace evaluation is sometimes confusing.
ACCESS CONTROL | AUTHORIZATION MANAGEMENT FOR SAP®
The requirements for the architecture of authorization concepts are as individual as the requirements of each company. Therefore, there is no perfect template. Nevertheless, there are topics that should be considered in an authorization concept.
The use of suggestion values not only brings advantages when creating or maintaining PFCG roles, but also when maintaining permissions as a rework of an upgrade. Furthermore, these values can be used as a basis for risk definitions. Before creating PFCG roles, it is useful to maintain the suggested values for the transactions used. However, you do not need to completely revise all of the suggested values that are delivered by SAP.
Assigning a role for a limited period of time is done in seconds with "Shortcut for SAP systems" and allows you to quickly continue your go-live.
For example, the Excel file contains a table with the columns Technical role name, description German, description English.
Giving permissions to specific functions that are called in SAP CRM through external services requires some preliminary work.