Introduction & Best Practices
Lack of definition of an internal control system (ICS)
The customising parameters in the table PRGN_CUST control the password generator in the transactions SU01 and SU10. The values of the profile parameters override the customising parameter entries to prevent invalid passwords from being generated. If the value of a customising parameter is less than the value of the corresponding profile parameter, the default value of the customising parameter is drawn instead. The same is true if no value is maintained. You can exclude certain words or special characters as passwords by entering them in the USR40 table. In this table you can enter both specific passwords (e.g. your company's name) and patterns for passwords (e.g. 1234*). '*' stands for any number of additional characters (wild card) and '?' for any character. However, when maintaining the USR40 table, note that the number and type of entries affect performance.
The first two problems can be solved by inserting the correction from SAP Note 1614407. The profile data will not be added to the bill of materials at the time of the roll recording but only when the transport order is released. This ensures consistency between the role's permission data and its profile data. The shared transport job also contains the complete history of changes to the profiles and permissions, so that obsolete data can also be deleted in the target systems.
The relevant authorization objects are then displayed in an ALV list and the documentation for the authorization object can be called up via the I in the Docu column. This documentation then displays much more detailed information about the respective authorization object as well as the defined fields.
A note box in which data of all kinds can be quickly filed and retrieved. This is what Scribble Papers promises. At first, the program looks very spartan. But once a small structure is in place, you realise the great flexibility of this little helper.
This information is used in the name generation of the external service. In this way, all area start pages and logical links configured in a CRM business role are authorised in the form of external services. Due to the mass of external services that appear in the role menu, it is difficult to keep track of them. Now, to allow only certain external services, you can do the following: First, identify the external service using the permission trace.
However, if your Identity Management system is currently not available or the approval path is interrupted, you can still assign urgently needed authorizations with "Shortcut for SAP systems".
Until now, there were no ways to define different password rules or password change requirements for these users.
You will see a detailed list of which user made which change to which object and when.