SAP Authorizations Trace after missing permissions

Trace after missing permissions
Efficient SAP rollout through central, tool-supported management
Authorization tools are only as good as the person using them. Until now, no tool has made it possible to create ready-made authorization concepts with just a single click.

Upgrades also require that the authorization roles be revised. In this context, you can use the SAP_NEW profile for support. During an upgrade, changes and enhancements to authorization checks are included in SAP NetWeaver AS ABAP. So that users can continue to perform their previous actions in the SAP system as usual, you as the authorization administrator must revise or add to the authorization values within the framework of the established authorization concept. As a rule, you use transaction SU25 for this purpose. For the transition period, you can use the SAP_NEW profile until the authorization concept is up to date on the new release. Because the handling of SAP_NEW is not always transparent, and the question arises, for example, of when the profile should be assigned and when not, we explain the background here.
Optimise trace analysis
However, it is possible to include the same role in several tasks of different operators within each contract. This increases transparency for you, because all participants can instantly identify which users are editing the role. Before you enable the use of the SCC4 transaction setting for role maintenance, you should release existing role transports to avoid recording conflicts. As a rule, you do not choose the setting depending on your role maintenance processes, so you have to think very carefully about what the activation will do.

The selection mask for selecting change documents in the transaction SCUH is divided into four sections: Standard selection (similar to other SUIM reports), output, selection criteria, and distribution parameters. In the default selection you have the option to specify for which model view, for which modifier (Modified by) and for which time period you want to view change documents.

The possibility of assigning authorizations during the go-live can be additionally secured by using "Shortcut for SAP systems".

To do this, use the ISLOCKED export parameter, which returns a four-character combination of the L (locked) and U (not locked) characters.

Configure this check with the auth/rfc_authority_check parameter.