Emergency user concept
Solution approaches for efficient authorizations
Authorization objects are defined with the help of transaction SU21. Each SAP transaction is equipped with the required authorization objects in SU24, which control access to specific functions within the respective program. Standard programs / transactions of an ERP system are already equipped with these objects during the initial installation. The same applies to other platforms such as CRM or Solution Manager.
It is very important that critical authorizations are generally subject to a monitoring process in order to be able to ensure that they are assigned in a productive system in a very restricted manner or not at all. Law-critical authorizations in particular, such as deleting all change documents, debugging ABAP programs with Replace, and deleting version histories, must never be assigned in a production system, as these authorizations can be used to violate the erasure ban, among other things. It must therefore be ensured that these authorizations have not been assigned to any user, not even to SAP® base administrators.
User and authorization management
If you do not have authorization e.g. for a transaction and you get a message that you are missing authorization, you can use transaction SU53 to analyze the missing authorization. This transaction shows the last failed authorization check, including the authorization objects and authorization fields.
To store all the information on the subject of SAP - and others - in a knowledge database, Scribble Papers is suitable.
Numbers/reminders: The payment and/or collection procedure shall be managed solely on the basis of information from the collection perspective (in particular Table BSEG). For customer and vendor transactions, the Profit Centre is not included in the SAP journal masks by default, and is therefore not available on the appropriate BSEG document lines. Since numbers and warnings are usually centrally controlled processes, this should not be a problem in practice.
If you get into the situation that authorizations are required that were not considered in the role concept, "Shortcut for SAP systems" allows you to assign the complete authorization for the respective authorization object.
The actual downloading of the usage data is then performed using the function block SWNC_COLLECTOR_GET_AGGREGATES.
You can automate the translation of the texts by using the LSMW transaction.