Advantages of authorization tools
Evaluation of the authorization check SU53
To use the trace data from the USOB_AUTHVALTRC table, first go to the change mode and then either click the SAP Data button or select Object > Add Objects from Trace > Local. The found authorization objects are imported from the table, but are not yet marked with any suggestion values. To maintain the suggestion values, click the Trace button. In the window that opens, select one of the new authorization objects and then select Trace > Permissions Trace > Local. The checked permission values will now be displayed. To apply these values, select Y Yes in the Suggest Status combo box and select the values you wish to display in the right pane of the window. Then click Apply. After confirming your entries, you confirm the Permissions field maintenance in the Permissions proposal maintenance by clicking on the green checkmark, so that the status of the Permissions object is green (maintained). Also continue with other authorization objects.
Since a role concept is usually subject to periodic changes and updates, e.g. because new functions or modules are introduced or new organisational values are added, role names should be designed in such a way that they can be expanded. Therefore, in the next step, define the useful criteria you need in your role name.
Statistical data of other users
System Privileges (Database System) permissions: System Privileges are SQL permissions that control administrative actions throughout the database. Such actions include creating a (database) schema (CREATE SCHEMA), creating and modifying roles (ROLE ADMIN), creating and deleting a user (USER ADMIN), or running a database backup (BACKUP ADMIN).
The freeware Scribble Papers puts an end to the confusing paper chaos. The tool is also suitable for storing, structuring and quickly finding text documents and text snippets of all kinds in addition to notes.
Upgrades also require that the eligibility roles be revised. In this context, you can use the SAP_NEW profile for support. During an upgrade, changes and enhancements to permissions checks are included in SAP NetWeaver AS ABAP. In order for users to continue to perform their previous actions in the SAP system as usual, you as the permission administrator must revise or add to the authorisation expressions within the framework of the established permission concept. Basically, you use the transaction SU25 for this purpose. For the transition period, you can use the SAP_NEW permission until the permission concept is up to date on the new release. Since the handling of SAP_NEW is not always transparent and the question arises, for example, when the profile should be assigned and when not, we explain the background here.
Authorizations can also be assigned via "Shortcut for SAP systems".
Up to now it was not possible to insert more than these seven lines at once from the clipboard.
The handling of organisational levels in PFCG roles wants to be learned.