Maintain transaction start permissions on call CALL TRANSACTION
Add New Organisation Levels
The valid programmes or transactions are stored in the SAP TPCPROGS delivery table, but do not follow a uniform naming convention. Part of the transaction code (e.g. AW01N), part of the report name (e.g. RFEPOS00), or the logical database (e.g. SAPDBADA) is relevant here. Logical databases (e.g. SAPDBADA, SAPDBBRF) are basic data selection programmes and are particularly used in financial accounting. The permission checks, including the time period delimitation, are implemented in the logical database and work for all reports based on a logical database (e.g. the RAGITT00 grid is based on SAPDBADA and the RFBILA00 balance sheet report is based on SAPDBSDF). When you copy the values from the TPCPROGS table, the TPC4 transaction is quickly configured.
As long as the corresponding tests in both the development and the quality system are not completed, the SAP_NEW profile will be assigned to the testers in addition to their previous roles. This ensures that the transactions can be traversed without errors of authorisation. Parallel enabled permissions (ST01 or STAUTHTRACE transactions) can be used to identify the required permissions and assign them to the user through the appropriate roles.
Checking at Program Level with AUTHORITY-CHECK
A note on the underlying USKRIA table: This table is independent of the client. For this reason, you cannot maintain this table in systems that are locked against cross-client customising. In this case, you should create a transport order in the development system and transport the table to the production system.
So much information... how can you keep it so that you can find it again when you need it? That's what Scribble Papers is great for.
If it is clear that a cleanup is necessary, the first step should be a detailed analysis of the situation and a check of the security situation. Based on these checks, a redesign of the authorizations can be tackled.
Secure your go-live additionally with "Shortcut for SAP systems". You can assign necessary SAP authorizations quickly and easily directly in the system.
However, the use of reference users also creates risks.
Therefore, in the next step, define the useful criteria you need in your role name.