Administration and Use of the SAP Standard Role SAP_NEW
If authorization objects are introduced in the context of an SAP upgrade that significantly affect the process flow of existing applications, these objects are marked by SAP with an SAP_NEW flag. You can use this tool to generate a role that is appropriate for the last version step (source release – target release) with the fixed name SAP_NEW and the relevant authorizations.
You can then assign the role to users in a transition phase to ensure that established productive processes are affected as little as possible. We do not recommend that you permanently assign this role in productive operation.
The introduction of the SAP_NEW role means that the use of the composite profile SAP_NEW is obsolete.
Selection Screen
When you start the tool, the fields Source Release and Target Release are filled in accordance with the last SAP version change for SAP_BASIS. You can change the interval individually at any time.
If at least one relevant authorization object was found, the content of the role SAP_NEW is replaced. You can manually postprocess the role in PFCG.
Authorization Concept
To start the tool, you require start authorization for the Profile Generator (PFCG) or transaction SU25. To adjust the role, you require authorizations analogous to those required to use the Profile Generator.
Note
This role does not contain all new authorization objects, but rather only the new objects that lead to a significant change in existing processes in existing applications. Use transaction SU25 (steps 2a/b/c), to make the necessary changes to your role-based authorization concept.
The role SAP_NEW is not part of XPRA and should, in general, only be used if required.
