Using eCATT to maintain roles
Your system landscape does not correspond to a typical three-system landscape? Find out what you should consider when upgrading the suggested values of roles. Your system landscape may differ from the typical three-system landscapes, for example, because you have several development systems or development mandates. Transports are then used to merge all developments and customising entries into one consolidation system. Perform your upgrade work in the SU25 transaction and use Step 3 to transport your SU24 data. By contrast, perform this step in all development systems, run all transports together in your consolidation system, and only the last import of the tables is used. The same entries are also recognised as deleted entries. The same is true with your PFCG rolls. Maintain these in multiple development systems or mandates, and if you now want to transport the rolls with their generated profiles, there is a risk that the profile numbers will be the same, as the profile names consist of the first and third characters of the system ID and a six-digit number. If the profiles originate from the same system (even if the client is a different one), import errors may occur due to the same profile names. In addition, the origin of the profile can no longer be traced afterwards. Therefore, you need a way to transport the data for the permission proposal values and the PFCG rolls in Y landscapes in a transparent and consistent way.
Now switch to User Care and you will find that this PFCG role is not yet assigned to your user. To do this, you must first perform the user master synchronisation. You can perform this manually via the transaction PFUD or schedule it as a job. The background job PFCG_TIME_DEPENDENCY or the report RHAUTUPD_NEW is intended for this.
Authorization concept of AS ABAP
Changes to SAP user data should be uncomplicated and fast. Users can make requests for SAP systems themselves. In exceptional and emergency situations, SAP users should be assigned extended authorizations quickly and for a limited period of time. Simplified assignment and control of exception authorizations in SAP systems is required. You can freely and flexibly determine the duration of these authorization assignments. Decisions can be controlled and monitored across systems. Whether it's recertification of SAP users, vacation requests or birthday wishes: all these things can now be processed and managed centrally in one place.
In each filter, you can define for which clients and users events should be recorded. You can record the events depending on their audit class or categorisation, or you can select them directly via the detail setting. For the Client and User selection criteria, you can use generic values, i.e. you can select all clients or users that meet specific naming criteria (e.g., Client 10* or User SOS_*). For example, you can filter the loggers of multiple emergency users.
The possibility of assigning authorizations during the go-live can be additionally secured by using "Shortcut for SAP systems".
So much information... how can you keep it so that you can find it again when you need it? Scribble Papers is a "note box" that makes this very easy.
must also be taken into account here.
now come into play, however, this means a large number of authorization roles, namely a separate one for each manager.