Schedule PFUD transaction on a regular basis
SAP S/4HANA® Launch Pack for Authorizations
Native or analytical tiles: These tiles work exclusively in the FIORI interface and are adapted to the new technology. Here, for example, push messages are displayed on the tile, or key figures, diagrams, etc. are displayed, which can then be processed directly with a click. These tiles do not have direct GUI access, or cannot be used directly in the GUI environment. As mentioned above, access to these tiles is provided in a so-called front-end system via corresponding catalogs and groups. However, the underlying conceptual permissions (who is allowed to do what within the functionality of the tile) follows the same processes as in the "old world" for transaction access. The tile in the front-end needs here corresponding dependent distinctive authorizations (keyword: SU24 adjustment). In the back-end system, then again - analogous to the "old" world - about a role, which is built in the profile generator and maintained on object and field level, or set. Of course, topics such as updating internal and third-party tools, integrating cloud solutions, modern hybrid infrastructures, defining and operating ongoing dynamic changes, etc. must also be taken into account here.
Evaluate the criticality of the security advisories for your company and also take into account the risks that may arise from the introduction of the SAP notes. This may include, for example, risks or expenses due to change and the corresponding tests in a productively used business process. Depending on this evaluation, you decide which safety instructions you want to insert directly and which hints should be implemented in the next maintenance cycle.
Use SAP_NEW correctly
If a release change occurs, the adjustment of permissions is also required as a rework. You will have already learned that this task can be very complex. Many innovations make this work easier and make the whole process more transparent. In the event of a release change, not only new applications are often added, but also new or modified authorization objects, permission checks, and, as a result, modified suggestion values. With the SU25 transaction, you can update the suggestion values step by step and then update all the affected roles. So far, however, the transaction has been a kind of black box for you. You have performed each step without seeing how your suggestion values or roles have changed. We will now show you how to use the new features of the SAP NetWeaver Application Server ABAP to increase transparency in upgrading suggestion values and mixing PFCG roles.
Authorizations are the main controlling instrument for mapping risk management and compliance. They are used to control all processes in the systems. For the most part, separation of functions is implemented exclusively with authorizations. Therefore, not only the one-time setup of authorizations is relevant, but also the continuous monitoring and control of the authorization assignment. Various tools are available on the market for this purpose. A re-certification process that involves the departments and optimizes the revalidation of authorizations is helpful.
If you get into the situation that authorizations are required that were not considered in the role concept, "Shortcut for SAP systems" allows you to assign the complete authorization for the respective authorization object.
The required effort and the space for errors are correspondingly large.
In this case, you should create a transport order in the development system and transport the table to the production system.