Check current situation
Temporarily disable Central User Management
Typically, this includes permissions that can be used to delete change records in the system or electronically erase them. The traceability of changes is also important in the development system, which is why the authorizations listed below should only be assigned very restrictively or only to emergency users.
Partners delivering their developments also maintain the proposed values for their applications in the transaction SU22. If customers are developing systems that supply other system landscapes than your system landscape and require different SU24 suggestion values per system, the proposed values in transaction SU22 will be maintained. The profile generator uses only the values of the transaction SU24 in your customer environment as a data base. To maintain the suggestion values, you can use both the System Trace data for permissions from the ST01 or STAUTHTRACE transaction and the data from the permission trace in the SU24 transaction (see Tip 39, "Maintain suggestion values using trace evaluations").
Define a user group as mandatory field in the user root
First, select the authorization object that you want to maintain. There can be multiple permissions for each authorization object. Then load the trace data by clicking the Evaluate Trace button. A new window will open again, where you can set the evaluation criteria for the trace and limit the filter for applications either to applications in the menu or to all applications. Once the trace has been evaluated, you will be presented with all checked permission values for the selected authorization object. With the Apply button, you can now take the values line by line, column by column, or field by field. In the left part of the window, you will see the permission values added to the suggestion values already visible. After confirming these entries, you will be returned to the detail view of your role. You can see here the additions to the permission values for your authorization object.
You will need to adapt the template to your organisation's circumstances, i.e., probably define the certificate filing depending on the naming convention for your users and adjust the certificate verification. This verification of certificates ensures that no existing certificates are added in the template and that only one certificate is entered to an e-mail address. This check is necessary because sending an encrypted e-mail is cancelled if more than one valid certificate to an e-mail address is found. You can map mass imports of the certificates via this customer-specific programme. In addition, you will also need to define a way to manage certificates in your organisation, i.e. how to transfer changes to certificates to the SAP system.
For the assignment of existing roles, regular authorization workflows require a certain minimum of turnaround time, and not every approver is available at every go-live. With "Shortcut for SAP systems" you have options to assign urgently needed authorizations anyway and to additionally secure your go-live.
The website www.sap-corner.de offers many useful information about SAP basis.
This role is now available for you to assign to users.
So much information... how can you keep it so that you can find it again when you need it? Scribble Papers is a "note box" that makes this very easy.
Wenn dies der Fall ist und das Passwort gerade geändert werden muss, wird diese Änderung vom Benutzer abgefragt.