Lock Inactive Users
User group can be defined as required field
With the help of the transaction SU22, the software developers can deliver their application with the appropriate authorization objects. After the transfer of the data from the transaction SU22 to the tables from the transaction SU24, the role developer may further process the proposed values with the transactions SU24 or SU25 for use in the transaction PFCG. Please also refer to the SPA 1539556.
You can create such an organisational matrix as an Excel file or in ABAP; This depends on how you want to read the data. When using a common standard solution (e.g. SAP Access Control), a corresponding maintenance view is usually offered. We first describe how you can provide automated mass care in the form of a custom development.
Using suggestion values and how to upgrade
The path with the associated permission group DEVL contains the local temporary files of the ABAP Frontend Editor of the ABAP development environment (transactions SE38, SE80, SE24, etc.). The two paths with the ADMN permission group show how logically related paths can be grouped into a S_PATH permission check. The two entries with the FILE permission group show how paths for Windows can be completed in systems with application servers of different operating systems. The core.sem and coreinfo entries are required to write run-time errors in the SNAP snapshot table. The dev_ and gw_ entries allow you to view files from the developer trace and Gateway Log in the ST11 transaction. If the suggestion in the first entry of the table is too restrictive, you can choose the alternative in the following table. This entry only forces a permission check on S_PATH and the ALL permission group; You should, however, only grant such permission very restrictively.
Thanks to the new feature provided with the Support Package mentioned in SAP Note 1847663, it is possible to use trace data from the privilege trace in the SU24 transaction for suggestion value maintenance. The system trace that you can call through the ST01 transaction or the STAUTHTRACE transaction (see also Tip 31, "Optimise Trace Evaluation") is a short-term, client-dependent trace that you can restrict to users or applications.
Secure your go-live additionally with "Shortcut for SAP systems". You can assign necessary SAP authorizations quickly and easily directly in the system.
Select the entry you just created and double-click to open the Permissions Data folder to maintain the permissions data.
The only way to qualify your UI components is to manually maintain the UIU_COMP authorization object.