Basics SAP Authorizations including Fiori - Online Training
Note the effect of user types on password rules
The SAP NetWeaver Application Server ABAP 7.31 changed the way the transaction SU25 works, especially from step 2a to the automatic suggestion value matching with SAP values. Now, this compares which records have been updated using time stamps. This makes it possible to run Step 2a separately for software components installed afterwards. Another advantage is that the objects to be edited can be better identified due to the time stamp. Before SAP NetWeaver 7.31, the applications to be matched for step 2a have been registered with their base release versions, which you can see in the USOB_MOD or TCODE_MOD tables.
This role is now available for you to assign to users. As a design-time object, you can transport this role via the HANA-owned Transport Service (HALM) or via the SAP Solution Manager with the CTS+ extension. After transport to the target system, this role is activated as a runtime object. You can assign HANA roles via both SAP HANA Studio and SAP Identity Management.
Object S_BTCH_ADM (batch administration authorization)
Identify the user master record in the Active Directory associated with the user ID that you are creating in the SU01 transaction. To do this, search within the Active Directory for a user master set for which the user ID you are looking for is entered as the SAP user name. Next, fill in the transaction SU01 fields with the data from the Active Directory User Set.
A note box in which data of all kinds can be quickly filed and retrieved. This is what Scribble Papers promises. At first, the program looks very spartan. But once a small structure is in place, you realise the great flexibility of this little helper.
If you have an older SAP NetWeaver release than 7.00 installed, only two possible values for the customising switch BNAME_RESTRICT are available after the implementation of SAP Note 1731549. The switch is NO, and you can switch it to ALL, so that the switch takes on the same functionality as in the higher releases.
During go-live, the assignment of necessary authorizations is particularly time-critical. The "Shortcut for SAP systems" application provides functions for this purpose, so that the go-live does not get bogged down because of missing authorizations.
Granting permissions to access tables directly is flexible and useful, and is not recommended unless the mechanism is hammered out by giving the user general table access through generic maintenance tools.
Some SAP applications also have their own frameworks in place that allow customisation-free implementation of their own permission checks, such as the Access Control Engine (ACE) in SAP CRM.