Set password parameters and valid password characters
Define security policy for users
How do I make an authorization trace on a user (STAUTHTRACE)? With the authorization trace you can record which authorization objects are used by a user. This helps, for example, in the creation of suitable roles: - Call the transaction STAUTHTRACE - Specify the desired user and start the trace - Let the user call his transaction - Stop the trace (Important, do not forget!) - Evaluate the results.
The convenience of configuring and evaluating the Security Audit Log has been improved. For this purpose, the maximum number of marked messages in the detail selection has been increased to 40 events, a forward navigation for the displayed objects has been added and the details selection in transaction SM20 has been supplemented with the technical event names. You will find the corrections and an overview of the required support packages in SAP Note 1963882.
Implementing Permissions Concept Requirements
The difficulty in assigning permissions to the S_DATASET object is determining the correct values for the FILENAME and PROGRAMME fields. If you have not specified a path in the FILENAME field, only the files in the DIR_HOME directory will be allowed.
A note box in which data of all kinds can be quickly filed and retrieved. This is what Scribble Papers promises. At first, the program looks very spartan. But once a small structure is in place, you realise the great flexibility of this little helper.
The customising objects you have just created are now integrated into your own IMG structure. To do this, open the SIMGH transaction again, call your structure in Change mode, and paste it under the previously created folder by selecting Action > Insert a Level Lower. You should already create a documentation of the same name with the installation of the Customising objects. To do this, select the Create button on the Document tab and write a text to save it and then activate it.
With "Shortcut for SAP systems" you can automate the assignment of roles after a go-live.
This setting is not limited to subdirectories, but includes, for example, all files whose name starts with /tmp-xy.
In addition, you can select in the report RSUSR200 whether the users should be valid on the day of selection or not.