What is the first thing that comes to your mind when you found this subject πŸ˜› Quite unique πŸ˜‰ .


I guess my number of views will be less this time due to the uniqueness of the title πŸ™


“*” is quite often used term in CRM UI to make a wild search.  We use “*” when we are searching in F4 in SAP GUI or CRM Web UI Search.


But the asterisk what I am going to talk about is the one which we put in PFCG authorization πŸ˜€


Across my SAP experience I found people easily giving full authorization to authorization object. The reason behind such practice is as follows:


  • Lack of knowledge
  • Avoidance of unexpected errors that might occur
  • Effort required to find those objects
  • Making testing task easier, etc…..

In CRM perspective, if we follow such method then we are trying to control navigation via Business role. The UIU component linked to the business role does not restrict access data but let the menu in PFCG role to control navigation.


❗ Pitfalls of such approach


Using the * to all the objects is like disabling the authority check to work.  Giving unwanted access to users which they are not suppose to use it, leading to a major business impact and security concerns.

So it is recommended to give specific set of values for authorization object in the beginning itself, rather getting into trouble later.


Below is some of the illustration of blunders that one might do 😯


Example 1 – UIU component authorization objects



Example 2 – Non UIU component authorization objects




To my surprise some might give all the parameters full authorization as the one above. Giving such authorization demeans the usage of the authorization concept.


ℹ Nonetheless there can be some authorization objects we can give full authorization “*” . For example a developer role. The whole point is look before you give such authorizations rather than recklessly giving full authorizations to all the authorizations objects in a PFCG Role.







To report this post you need to login first.

11 Comments

You must be Logged on to comment or reply to a post.

      1. LuΓ­s PΓ©rez Grau

        Thanks for the contribution Neha.


        Why next? you can change this one πŸ™‚ I’m afraid I must  agree with Praveen Nenawa it’s pretty hard to read, Also, a nice Title will be more than welcome. 

        Keep going!

        Luis

        (0) 
  1. Hariprasad Nagalapur

    Hi Neha,

    Good article indeed and I have two suggestions.

    1. Change the font of the article.

    2. Rename the article as “- – – – – – – – – – – – ” * ” – – – – – – – – – –  – -”  πŸ˜†

    Rgds

    Hari

    (0) 

Leave a Reply