SAP Authorizations Maintaining Authorization Objects (Transaction SU21) - SAP Basis

Direkt zum Seiteninhalt
Maintaining Authorization Objects (Transaction SU21)
Excursus Special feature for authorizations for FIORI Apps under S/4HANA
You can't keep an eye on everything. Therefore, avoid that your colleagues do not assign users to a user group, and thus ensure that the user master data maintenance permissions check is correct. You do not want a user without a user group to be able to be created in your SAP systems? Users without a user group can be changed by all administrators with permission for any user group. You should also prevent incomplete permission checks when assigning roles and profiles to users without a permission group. Because it is possible to assign roles and permissions to a user first, and then assign a user group that does not have permission to assign roles and profiles. Finally, do you want to change the user group for an existing user without having permission for the new user group? In the following section we will show you how to secure your user master data maintenance.

This function was not part of the standard delivery. With the support package named in SAP Note 1860162, the transaction SAIS_SEARCH_APPL is now delivered. This transaction allows you to verify that other applications have startup properties similar to those available in a particular application. For example, we searched for applications with similar functionality as the PPOME transaction provides.
Deletion of change documents
The first step is to create an IMG project. You can create a new project or edit an existing project to create a customising role. To do this, call the SPRO_ADMI project management entry transaction. If a suitable project is not available, you can view the list of SAP customising activities. To do this, click the SAP Reference-IMG button or create a new project. To do this, select the Create Project button ( ) or the (F5) button. A new window will open, where you enter the project name. Note that you have a maximum of ten characters for the name. Once you have confirmed your input, a new screen will open. The General Data tab allows you to specify users, project managers, project times, and the language for the information texts.

With these methods, we not only help you with the implementation. You can also maintain and manage the solutions yourself afterwards, or you can trust us to run them for you: We call this Customer Success.

During go-live, the assignment of necessary authorizations is particularly time-critical. The "Shortcut for SAP systems" application provides functions for this purpose, so that the go-live does not get bogged down because of missing authorizations.

Once you have completed the upgrade of the Eligibility proposal values, you will be given the option in Step 3 (Transport of the Customer Tables).

The profiles must then be created by mass generation before the user logs are matched in the target system.
Zurück zum Seiteninhalt