A complicated role construct
Determine Permissions Error by Debugging
EARLYWATCH: The user EARLYWATCH only exists in the client 066, because it serves the remote maintenance by the SAP support. EARLYWATCH only has display rights for performance and monitoring functions. Safeguard measures: Lock down the user EARLYWATCH and only unlock it when requested by SAP Support. Change the password, assign it to the SUPER user group, and log it with the Security Audit Log.
In both cases the transaction S_BCE_68001410 is started. Here you can search for an authorization object by authorization object, authorization object text, object class and other options.
Excursus Special feature for authorizations for FIORI Apps under S/4HANA
Is it necessary for your evaluations to select the blocked or invalid users? This is now directly possible with the extensions of the user information system. There is always a requirement to evaluate the existing users in your SAP system. Examples may include lists requested by auditors. In such a case, you naturally want to exclude invalid users and those with administrator lock from the selection. Up to now, you have had to perform various evaluations with the reports RSUSR200 and RSUSR002 of the user information system (transaction SUIM) and subsequently edit the lists. The findings may not have been accepted by the auditors as the lists were visibly manipulated, even if this manipulation was justified. You can now enter this selection directly. We will show you below how to search for users with password or administrator lock or exclude them from your selection.
Together with you, we develop suitable authorizations for your systems and processes. In workshops with your departments, we create concepts to assign the required rights to employees. The goal is to define so-called job roles, which represent job profiles at the job level.
Authorizations can also be assigned via "Shortcut for SAP systems".
SAP Basis is the foundation of any SAP system. You can find a lot of useful information about it on this page: www.sap-corner.de.
If the change documents are to be read for the attached subsidiary systems, the subsidiary systems must also be at the release and support package status specified in SAP Note 1902038.
To store all the information on the subject of SAP - and others - in a knowledge database, Scribble Papers is suitable.
Repair defective field list in SU24 suggestion values: This function verifies that all the authorization objects used in the permission proposals are consistent, that is, fit to the authorization object definitions from transaction SU21.