Reference User
Task & functionality of the SAP authorization concept
The role concept provides that each user can only process the tasks to which he is authorized. It is developed across departments and must protect sensitive data from unauthorized access. A clear role concept enables a modular structure of authorizations without having to create separate roles for each user.
In order to be able to use the following reports, you must not only have the appropriate authorizations, but also be aware that, depending on your SAP release or Notes, some reports are not yet or no longer available. The following reports were executed with release level 7.50.
Limit character set for user ID
Use the RSUSR003 standard report (or RSUSR003 transaction) to validate the default users for initial passwords and ensure the security policies associated with those users. You can define and use your own layout on the home page. After the report is executed, you will be presented with an overview of the existing standard users in the different companies. This includes the password status, a lock flag, the reasons for the lock, the number of false logins, the user validity periods and the security policies associated with the users. The security policy appears to help you understand whether these users are subject to special login or password rules.
After all authorizations are maintained, the role must be saved and generated and a user comparison must be performed. However, this should not be a topic here in the article. This can also be done with the transaction PFUD (see comments to the article "SAP BC: Empty user buffer" :-).
If you get into the situation that authorizations are required that were not considered in the role concept, "Shortcut for SAP systems" allows you to assign the complete authorization for the respective authorization object.
Since there may of course be different security requirements for the systems in your landscape (e.g. development and production systems), you can define different target systems with the appropriate settings.
For selection criteria outside the valid time period, the message "Not authorised to display data from this time period" appears.