Customizing Scenario-Based AuthorizationsLocate this document in the navigation structure

Development can deliver scenarios in applications. To activate the scenarios in the application, create productive scenarios from the scenario definitions delivered by development.

Prerequisites

You have a user with the required authorizations.

Context

Scenarios enable developers to deliver alternative authorization checks for specific scenarios. The scenarios do not change the behavior of the application until you make the scenarios productive. The scenario definition defines the authorization objects used and how the system should check them. In the productive scenario, you can override the authorization status suggested by developer in the scenario definition.

Restriction

The developer can deliver scenario definitions that are active. For such scenarios, you can only change the security audit log status.

Productive scenarios are customizing objects, which you can transfer through your landscape.

Procedure

  1. Start Compare Active Scenarios for Switchable Authorizations (transaction SACF_COMPARE).
  2. Determine the comparison method.
    Option Description
    Set initial values

    Choose this option to copy the configuration of the scenario definition to the productive scenario. If there is already a productive scenario, this option overwrites any content.
    Automatic comparison with scenario definitions

    Choose this option to automatically create the productive scenario. It sets the scenario status, security audit log status, and assignment of any authorization objects and their status in the productive scenario to that of the scenario definition. This option cannot overwrite existing values.
    Manual comparison with scenario definitions

    Choose this option to open the productive scenario in editing mode. Manually set the scenario status, security audit log status, change the authorization objects, and change the status of the authorization objects.
  3. Enter selection parameters.
  4. Choose Execute Object (Execute).
  5. Select a scenario definition and choose the action according to the comparison method.

    You chose the option to...

    Then...

    Set initial values

    Choose the SAP Menu Initialize pushbutton.

    Automatic comparison with scenario definitions

    Choose the SAP Menu Automatic Comparison pushbutton.

    Manual comparison with scenario definitions

    Double-click an active scenario and edit the data as required.

    Note

    By default, the scenario does not record authorization checks in the security audit log. Enable the checks with the SAL Status field to troubleshoot and test. The security audit log can return information about the user ID, the terminal, and the authorization objects involved. In productive systems, only enable the security audit log for critical processes for which you want information about authorization checks that failed. Activate the security audit log only in exceptional circumstances.

Next Steps

Once you have customized and tested the productive scenario, you can transport it to other systems in your landscape.
Related Information
Switchable Authorization Check Framework Overview
Transporting Productive Scenarios to Follow-On Systems
Checking the Consistency of Productive Scenarios
Displaying an Overview of Scenarios
Authorizations Required For Scenario-Based Authorizations