SAP Authorizations Automatically pre-document user master data - SAP Basis

Direkt zum Seiteninhalt
Automatically pre-document user master data
Custom Permissions
You cannot increase the retention time afterwards; Therefore, you should adjust the configuration in good time before starting a project. In addition, you should change the settings of the stat/rfcrec and stat/rfc/distinct profile parameters. For example, you should increase the value of stat/rfcrec to 30, and stat/rfc/distinct should be set to 1. This improves the completeness of the recorded RFC usage data. For details on the technical improvements, see SAP Note 1964997.

Run step 2a (automatic synchronisation with SU22 data). In this step, the data of the transaction SU22 of the new release will be transferred to the transaction SU24. If there is a change or difference in applications (changed check marks, suggestions, field values, or new or deleted authorization objects), the USOB_MOD or TCODE_MOD table of the MOD_TYPE is set to M. With SAP Note 1759777, a selection is offered for step 2a, with which this step can be simulated. Another option, Delete Flags for applications with modified data, is offered to apply the new changes only if Step 2a is executed selectively.
Identify Executable Transaction Codes
If your user is assigned the privilege ROLE ADMIN (either directly or through a role), you can create your own roles and assign them to users. You can do this by drawing on existing privileges and roles. The privileges themselves are provided by developers with appropriate permissions to create applications, including the privileges they require. Often, as the permission administrator, you do not have the privilege to create privileges. This is also useful because only the application developer can decide what properties the privileges of using the objects in the application should have. The application developer also decides whether his application provides appropriate roles in addition to privileges.

The call to your implementation of the BAdIs is the last step in the process of storing user data. This applies to all transactions or function blocks that make changes to user data. Therefore, the BAdI is also called during maintenance by the BAPI BAPI_USER_CHANGE. You use this BAPI when you implement a password reset self-service as described in Tip 52, "Reset Passwords by Self-Service." This enables encrypted e-mail delivery of initial passwords within a self-service framework.

For the assignment of existing roles, regular authorization workflows require a certain minimum of turnaround time, and not every approver is available at every go-live. With "Shortcut for SAP systems" you have options to assign urgently needed authorizations anyway and to additionally secure your go-live.

The values for each entry in this field are entered in the permissions of the role.

If a suitable project is not available, you can view the list of SAP customising activities.
Zurück zum Seiteninhalt