* Full Authorization! Pitfalls.
What is the first thing that comes to your mind when you found this subject 😛 Quite unique 😉 .
I guess my number of views will be less this time due to the uniqueness of the title 🙁
“*” is quite often used term in CRM UI to make a wild search. We use “*” when we are searching in F4 in SAP GUI or CRM Web UI Search.
But the asterisk what I am going to talk about is the one which we put in PFCG authorization 😀
Across my SAP experience I found people easily giving full authorization to authorization object. The reason behind such practice is as follows:
- Lack of knowledge
- Avoidance of unexpected errors that might occur
- Effort required to find those objects
- Making testing task easier, etc…..
In CRM perspective, if we follow such method then we are trying to control navigation via Business role. The UIU component linked to the business role does not restrict access data but let the menu in PFCG role to control navigation.
❗ Pitfalls of such approach
Using the * to all the objects is like disabling the authority check to work. Giving unwanted access to users which they are not suppose to use it, leading to a major business impact and security concerns.
So it is recommended to give specific set of values for authorization object in the beginning itself, rather getting into trouble later.
Below is some of the illustration of blunders that one might do 😯
Example 1 – UIU component authorization objects
Example 2 – Non UIU component authorization objects
To my surprise some might give all the parameters full authorization as the one above. Giving such authorization demeans the usage of the authorization concept.
ℹ Nonetheless there can be some authorization objects we can give full authorization “*” . For example a developer role. The whole point is look before you give such authorizations rather than recklessly giving full authorizations to all the authorizations objects in a PFCG Role.
Looking forward to part 2...soon
Thanks for sharing.
Neha,
Thanks for sharing, looking for part 2.
Just a polite request "please use simple ARIAL or TNR font" so that people can read it easily.
Welcome!
I like this font 😐 I will take care from next time.
Regards,
Neha Gupta
Thanks for the contribution Neha.
Why next? you can change this one 🙂 I'm afraid I must agree with Praveen Nenawa it's pretty hard to read, Also, a nice Title will be more than welcome.
Keep going!
Luis
Hi Neha,
Good article indeed and I have two suggestions.
1. Change the font of the article.
2. Rename the article as "- - - - - - - - - - - - " * " - - - - - - - - - - - -" 😆
Rgds
Hari
Thanks!
1. The font of the article is already changed.
2. Sorry I could not get your point 2 of renaming !?
2. Sorry I could not get your point 2 of renaming !?
I mean, instead of just (*), suggested style of heading can attract more users.
Thanks for suggestion 🙂 Will be great if you can rate the blog too.
Thanks!
Neha
I believe he's already rating your blog, at least, he spend some time suggesting, feedback is better than points right? 😉
Yes you right Luis 🙂