User group can be defined as required field
Check and refresh the permission buffer
This report has two functions: PFCG role consolidation - Identical roles are grouped into a single user base when validity periods overlap or connect directly to each other. Select the users, user groups, or roles to apply these rules to in the Selection Criteria pane. Deleting Expired PFCG Scrolls - If you uncheck Expired Mappings, Expired Scrolls will be removed from the user's root.
Another function of this transaction is to find transactions based on generic table access transactions. Here you can check whether there are parameter or variant transactions for a given table, or for a particular view, for which you can set up permissions, instead of allowing access to the table through generic table access tools. If a search result is generated, you can even search for roles that have permissions for the selected alternative applications. To do this, click the Roles button (Use in Single Roles). When using this tool, make sure that even if applications have the same startup properties, there may be different usage characteristics, such as SU22 and SU24 transactions. Both transactions have the same start properties, but are used for different purposes and display different data.
Generic access to tables
With the new transaction SAIS, you will enter the AIS cockpit, where you will be able to evaluate the various audit structures related to the topic. When performing an audit, under Audit Structure, select one of the existing structures and select a check number in the appropriate field. Audit structures may be subject to different audits; Therefore, you must always select an audit first. To do this, select a verification number or create a new audit. After you select the audit, the audit tree will appear in the cockpit. You can now perform the individual steps of the audit along the definition in the audit tree.
For the ABAP stack, authorization profiles can be created either manually or by using the profile generator. However, the use of the profile generator is strongly recommended, since manual administration usually results in misconfigurations of authorizations. The profile generator guarantees that users only receive the authorizations assigned by their role. Concepts, processes and workflows must therefore be adapted to the use of the profile generator. There is no choice for the Java stack; here the J2EE authorization mechanism must be used. The User Management Engine offers options that go beyond the J2EE standard.
Secure your go-live additionally with "Shortcut for SAP systems". You can assign necessary SAP authorizations quickly and easily directly in the system.
The website www.sap-corner.de offers many useful information about SAP basis.
However, you can also search only for a specific selection criterion (e.g. only for transactions, only for authorization objects...).
To store all the information on the subject of SAP - and others - in a knowledge database, Scribble Papers is suitable.
This way, complex role hierarchies can be put together.