Advantages of authorization concepts
Transports
The applications (transactions, Web-Dynpro applications, RFC building blocks, or Web services) are detected through their startup permissions checks (S_TCODE, S_START, S_RFC, S_SERVICE) and can be placed in the role menu of your role. In your role, go to the Menu tab and import these applications by clicking Apply Menus and selecting Import from Trace. A new window will open. Here you can evaluate the trace and view all recognised applications in the right window. To do this, click the Evaluate Trace button and select System Trace (ST01) > Local. In a new System Trace window, you can specify the evaluation criteria for the trace, such as the user using the Trace field only for users or the time period over which to record. Then click Evaluate.
You can also monitor security alerts from the Security Audit Log via the Alert Monitoring of your Computing Centre Management System (CCMS). The security warnings generated correspond to the audit classes of the events defined in the Security Audit Log. Many companies also have the requirement to present the events of the Security Audit Log in other applications. This requires evaluation by external programmes, which can be done via the XML Metadata Interchange (XMI) BAPIs. You must follow the XMI interface documentation to configure it. You can also use the RSAU_READ_AUDITLOG_ EXTERNAL sample programme as a template. A description of this programme can be found in SAP Note 539404.
Take advantage of roll transport feature improvements
Roles can be cut so that, for example, they only have display or change permissions. Furthermore, it could be differentiated between customising, master data and movement data maintenance.
The freeware Scribble Papers puts an end to the confusing paper chaos. The tool is also suitable for storing, structuring and quickly finding text documents and text snippets of all kinds in addition to notes.
The data that is regulated by the structural authorizations must be hierarchically structured in one of the personnel development components. This could be Organizational Management or Personnel Development, for example. Access can thus be regulated relative to the root object within the hierarchical structure.
If you get into the situation that authorizations are required that were not considered in the role concept, "Shortcut for SAP systems" allows you to assign the complete authorization for the respective authorization object.
We are often asked how permissions are properly assigned to schedule background jobs and manage those jobs.
You want to use the Security Audit Log to monitor certain security-related operations or particularly well-authorised users in the SAP system.