Know why which user has which SAP authorization
Role Management
This approach makes authorization management considerably more efficient, since functional changes do not have a global impact on the entire authorization structure. This ensures the quality of authorizations in the long term. Authorizations in SAP systems enable users to access the applications relevant to their activities. To ensure that processes are mapped securely and correctly, SAP authorizations must be regularly checked and reworked.
Identify the user master record in the Active Directory associated with the user ID that you are creating in the SU01 transaction. To do this, search within the Active Directory for a user master set for which the user ID you are looking for is entered as the SAP user name. Next, fill in the transaction SU01 fields with the data from the Active Directory User Set.
Set password parameters and valid password characters
This missing functionality comes with SAP Note 1902038 and can only be recorded via the respective support packages for SAP NetWeaver Releases 7.31 and 7.40. The ZBV's change documents are written for the USER_CUA change document object. The analysis of the change documents can be accessed using the following methods.
You want to document internal system revisions and authorisation monitoring? The new cockpit of the Audit Information System offers you some practical functions. There are several legal requirements that require a regular audit of your SAP system. As a general rule, there are internal and external auditors who carry out such audits. In addition, user and permission management can set up their own monitoring of permissions to avoid unpleasant surprises during audits. Auditor documentation is often standardised in the case of external auditors; for the internal audit or your own monitoring, however, in many cases a suitable documentation is missing. In spite of automated evaluations, external auditors often also demand an activation of the Audit Information System (AIS). We will show you how to activate the AIS and take advantage of the new AIS cockpit.
However, if your Identity Management system is currently not available or the approval path is interrupted, you can still assign urgently needed authorizations with "Shortcut for SAP systems".
The authorization concept in your organization states that access (processing) to Records Management objects should be allowed for an employee only within his/her own organizational unit.
To obtain the trace data for each authorization object, select the authorization object you want to customise in the upper-left pane of the Permissions object drop-down list.