Object S_BTCH_ADM (batch administration authorization)
If you have developed your own permission checks to use them in your own programmes or to make extensions to the SAPS standard, it is essential that you maintain the Z authorization objects as suggestion values for the respective applications. Thus, they do not have to be reworked manually in the respective roles. In addition, you have created a transparent way to document for which applications your customer's permissions are available. Last but not least, a well-managed suggestion value maintenance helps you with upgrade work on suggestion values and PFCG roles. This ensures that your changes and connections to the respective PFCG roles are retained and new permissions checks for the new release are added to the applications.
You may have special requirements that are necessarily to be included in the naming convention, such as when you define template roles in a template project that can be customised locally. You can identify this in the naming.
Know why which user has which SAP authorization
You can create such an organisational matrix as an Excel file or in ABAP; This depends on how you want to read the data. When using a common standard solution (e.g. SAP Access Control), a corresponding maintenance view is usually offered. We first describe how you can provide automated mass care in the form of a custom development.
The freeware Scribble Papers is a "note box" in which all kinds of data can be stored. It takes in typed texts as well as graphics and entire documents. The data is then organised in folders and pages.
Users' favourite lists provide valuable information about the transactions they use. With the knowledge of the favourites, you can therefore avoid gaps in your authorisation concept. In the SAP system, each user has the ability to save frequently used functions as their own favourites. In practice, we have found that this feature is very often used by users. If you create a new permission concept, it is useful to include the favourites in the viewing. Because the favourites don't just store used transactions over and over again, but also transactions that users use only occasionally. These occasional transactions could be quickly forgotten when redesigning a eligibility concept. Therefore, we always recommend that you match the transactions you have considered with the favourites stored in your system.
"Shortcut for SAP systems" is a tool that enables the assignment of authorizations even if the IdM system fails.
For this purpose, the SU22 SAP authorization default values must be transported via SU25 into the customer-specific SU24 tables.
Therefore, when you create your own programmes, you can follow the eligibility checks of the standard programmes or reuse the permissions checks used there.