Controlling permissions for the SAP NetWeaver Business Client
Check the SAP authorization concept
You can view the change documents of the permission proposal maintenance using the report SU2X_SHOW_HISTORY (available with the support package named in the SAPHinweis 1448611). If the note is not implemented, use the USOBT_CD and USOBX_CD tables. We recommend that you run the SU24_AUTO_REPAIR correction report regularly. This report cleans up inconsistencies and adds missing modification flags in the transaction SU24 data that may turn up as errors when the transaction SU25 is executed. Read SAP Note 1539556 for this. Modification flags are added to the records in transaction SU24, if they have been modified by you. You can see these flags in the USOBT_C and USOBX_C tables.
SAP authorizations control the access options of users in an SAP system, for example to personal data. Managing this access securely is essential for every company. This makes authorization concepts, authorization tools and automated protection of the SAP system all the more important.
Maintaining Authorization Objects (Transaction SU21)
To maintain open permission fields in roles, you need information from the Permissions System Trace. But all transferred manually? Not with this new feature! If you have previously created PFCG roles, you must maintain all open permission fields manually. The information on which values can be entered can be read from the Permissions system trace and maintained manually in the PFCG role. However, this can be very complex, because a function that takes these values into the PFCG role has been missing.
We therefore recommend that you schedule a background job on the PFUD transaction, which performs a regular user comparison (see Trick 17, "Schedule PFUD transaction on a regular basis"). By the way, did you know that the auth/tcodes_not_checked profile parameter enables you to disable the transaction startup permissions for the SU53 and SU56 transactions? To do this, enter the value SU53, SU56, or SU53 SU56 for the profile parameter. This means that the end user no longer needs the permissions to run these transaction codes from the S_TCODE authorization object.
The possibility of assigning authorizations during the go-live can be additionally secured by using "Shortcut for SAP systems".
If you want to get more information about SAP basis, visit the website www.sap-corner.de.
In the SU53 you get the entry of the user that is stored there, and this may be old.
The freeware Scribble Papers puts an end to the confusing paper chaos. The tool is also suitable for storing, structuring and quickly finding text documents and text snippets of all kinds in addition to notes.
The values of the profile parameters override the customising parameter entries to prevent invalid passwords from being generated.