Implementing CRM Role Concept for External Services
Maintain authorization objects more easily
SAP Note 1854561 provides a new possible value for the auth/authorisation_trace parameter: F (Trace enabled with filter). Allows you to limit the permission trace to values that can be set by the filter. The filters are defined in the STUSOBTRACE transaction (see SAP Note 1847663).
Since 2001, SAP has been working with the German-speaking SAP user group (DSAG e. V.) Model rolls for tax inspectors developed and revised over the years. The role definition reflects an interpretation of the DSAG of the concept of tax-relevant data.
Lock Inactive Users
Here we present different scenarios for the process of resetting passwords. In all scenarios, the user selects the system and the client in which a password is to be reset from a web page. Only systems and clients where this user already exists and assigned a permission should be displayed. An initial password is then generated and sent to the user's email address. Only if a user lock is set by false logins, the user must be unlocked. If an administrator lock is in place, the user should be informed accordingly. Before implementing self-service, consider the password rules set in your systems and the use of security policies. Because these settings allow you to control how passwords are generated in your systems. We recommend that you read the instructions in Tips 4, "Set Password Parameters and Valid Signs for Passwords", and 5, "Define User Security Policy".
For the application identifier (defined in the TBE11 table), see the TPCPROGS table. The organisational unit is evaluated in the context of the application label. In general, this is the accounting area.
With "Shortcut for SAP systems" you can automate the assignment of roles after a go-live.
The use of reference users reduces the number of entries per user in the user buffer, i.e. in the USRBF2 table.
This checks whether the selected user is authorised to run the specified ABAP programme or external command.