Automatically pre-document user master data
Critical authorizations
Which authorization objects are checked (SU22)? When calling a transaction, such as the ME23N, various authorization objects are checked. You can get an overview as follows: Call transaction SU22 (SAP tables) or SU24 (customer tables), enter e.g. "ME23N" in "Transaction code" and execute the transaction. As a result you will see all authorization objects that are checked when calling transaction ME23N.
WF-BATCH: The WF-BATCH user is used for background processing in SAP Business Workflow and is created automatically when customising workflows. WF-BATCH is often associated with the SAP_ALL profile because the exact requirements for the permissions depend on the user's usage. The password of the user can be set and synchronised via the transaction SWU3. Safeguard measures: After automatic generation, change the user's password and assign it to the SUPER user group.
User Interface Client Permissions
If you want to cancel, share, or reset other users' jobs to scheduled status, you must have permission for the S_BTCH_ADM object with a value of Y. Alternatively, you can also grant the JOBACTION = MODI and JOBGROUP = permission for the S_BTCH_JOB object. The MODI promotion was introduced with SAP NetWeaver AS ABAP 7.00 or can be recorded via SAP Note 1623250. The following illustration shows an example of how the JOBACTION = MODI privilege is expressed for the jobs of the users listed under JOBGROUP.
A note box in which data of all kinds can be quickly filed and retrieved. This is what Scribble Papers promises. At first, the program looks very spartan. But once a small structure is in place, you realise the great flexibility of this little helper.
Due to the changed suggestion values in the SU24 transaction, you must now perform step 2c (roles to verify) to update all roles affected by the changed proposal values. Role changes are only customised! You will get a list that shows all the roles you need to edit. If you have more than one client to maintain roles, you must also do this in the other client.
During go-live, the assignment of necessary authorizations is particularly time-critical. The "Shortcut for SAP systems" application provides functions for this purpose, so that the go-live does not get bogged down because of missing authorizations.
Keep an overview here to identify dependencies and control access permissions in an organisation-specific way.
This is where the experienced auditors at IBS Schreiber GmbH can provide support.