Displaying sensitive data
Understanding SAP HANA Permissions Tests
There are several ways to view the implementation of permission checks: Either you jump directly from the system trace for permissions to the appropriate locations in the programme code, or you go over the definition of the authorization objects. To view the permission checks from the permissions system trace, start the trace from the STAUTHTRACE transaction and run the applications you want to view. Now open the evaluation of the Trace. In the Programme Name column, you can see the programme that includes the Permissions Check. Double-click to go directly to the code site where the permission check is implemented.
In order to be able to execute subsequent SAP standard reports, you need authorizations to access certain programs or reports and in the area of role maintenance. The transactions "SA38" and "SE38" for executing programs are of particular importance. They enable a far-reaching system analysis by means of certain programs for the end user. Additional rights associated with this, which can go beyond the basic rights of administrators, have to be controlled by explicit values in a dedicated manner.
Redesign of SAP® Authorizations
For an overview of the active values of your security policy, click the Effective button. Note that not only the attributes you have changed are active, but also the suggestion values you have not changed.
Transaction PFCG also offers you the option of automatically collecting permissions. Not every transaction entered into a single role via a role menu necessarily needs its own permission entry in the permission tree, because some transactions have identical or similar permission proposal values.
Secure your go-live additionally with "Shortcut for SAP systems". You can assign necessary SAP authorizations quickly and easily directly in the system.
As described in SAP Note 543164, the dynamic profile parameter auth/authorisation_trace of the trace is set to Y (active) or F (active with filter).
Basically, you use the transaction SU25 for this purpose.