Authorization object documentation
Object S_BTCH_ADM (batch administration authorization)
You can use the Security Audit Log to control security-related events. Learn how to configure it to monitor the operations that are relevant to you. You want to use the Security Audit Log to monitor certain security-related operations or particularly well-authorised users in the SAP system. For example, you can log failed RFC calls system-wide, delete users, or log all activities of the default user, DDIC. For these loggers you need different recording filters and, if necessary, the possibility to select generic clients or users. Therefore, we will show you the settings you can make when configuring the Security Audit Log.
In our eCATT test configuration, the prepared file can now be used to play the recording. Note that playback stops when we encounter an error in the PFCG transaction, such as when we try to create a role with the input values that already exist. To play, specify the file under External Variants in Test Configuration and click Run (F8). You will be given the opportunity to set some playback properties. Now, with Run, it starts. You will see some messages from the PFCG version at the bottom of the status bar and will end up with a summary of success (or failure if there were errors). We admit that eCATT is more complex to use than the transaction SU10. However, if you have used eCATT a few times, it is quite quick. Please always note that the basic mechanism is to play a recording and therefore other organisational levels (e.g. a third organisational level, which is in the dialogue before the work and the sales point) also require a different recording and editing.
CONCLUSION
Users of your Web applications should have access to the applications that correspond to their particular business roles. You can use the S_START authorization object to map this request in the PFCG roles. Applications based on SAP products offer users different access methods, of which the use of SAP GUI with application-related SAP transactions is to be called "classic". In Web applications, application interfaces are represented in a Web browser. Not only transactional processes, but also the display of results from data analyses or static facts should be supported. The SAP transaction model, which controls access through the S_TCODE authorization object, does not meet these requirements.
If there are no buttons for copying and pasting in the PFCG transaction, you can simply insert them. Only seven lines are displayed in the dialogue box to maintain field values to properties in transaction PFCG. Up to now it was not possible to insert more than these seven lines at once from the clipboard. However, this may often be necessary in the context of the maintenance of permissions, for example if you want to use entries from other roles. Read how to copy and paste the buttons in the dialogue box to maintain field values to the authorization objects.
Assigning a role for a limited period of time is done in seconds with "Shortcut for SAP systems" and allows you to quickly continue your go-live.
So far, changes in the SE97 transaction have been overwritten by inserting support packages or upgrades.
You can adjust this size using the auth/su53_buffer_entries profile parameter.