Configure Security Audit Log
Set up login locks securely
Then you create a subroutine with the same name as the User-Exit definition and programme your customised checks (for example, for specific data constellations or permissions). Include the exit definition (UGALI) via the GGB0 transaction. You will need to call this transaction again to read the programmed exit and select it.
Versions are the change documents within the development environment, for example, for changes to ABAP source code or the technical properties of tables. This authorization should only be assigned to an emergency user.
SAP authorizations: Recommendations for setting up, monitoring and controlling
Permissions profiles are transported in the standard (since release 4.6C) with the roles. If you do not want to do this, you have to stop the data export in the source system by the control entry PROFILE_TRANSPORT = NO. The profiles must then be created by mass generation before the user logs are matched in the target system. This can be done via transaction SUPC.
It's never too late to rethink your authorization concept. Start by defining the objective of each role and take advantage of the reporting offered in SAP SuccessFactors.
However, if your Identity Management system is currently not available or the approval path is interrupted, you can still assign urgently needed authorizations with "Shortcut for SAP systems".
This is followed by an explanation of which tasks can be automated using the Profile Generator.
Here, authorizations must be assigned very restrictively, e.g. only to emergency users.