Create permissions for customising
Full verification of user group permissions when creating the user
Configuration validation uses the CCDB's configuration data to reconcile settings. To do this, you define your customer-specific security settings technically in a target system. This contains the specifications for the configuration of SAP systems. You can also define a target system based on the settings of an existing system and adapt it to your requirements. Then you compare the settings of your SAP systems with this target system on a daily basis and get an overview of the deviations. Since there may of course be different security requirements for the systems in your landscape (e.g. development and production systems), you can define different target systems with the appropriate settings. You then start the comparison with a target system for the relevant systems. Alternatively, you can compare to an actual system; For example, this is a useful function in the context of a roll-out.
If you have a Central User Administration (ZBV) in use, there are certain dependencies between the base release of your ZBV and the base release of the subsidiary systems. Check the compatibility of your systems before setting the login/password_downwards_ compatibility profile parameter. For details on the technical dependencies between releases, see SAP Note 1458262.
Making the RESPAREA responsibility the organisational level
Communication users are also intended for use by people who log on to the SAP system from outside via RFC call. Therefore, dialogue is not possible. If the password is set by the administrator, it will be assigned Initial status. However, an RFC call does not prompt the user to change the password. It therefore often retains this status, even if the user has the possibility to change the password by calling a function block (then: Status Productive). The password rules apply to this type of user. However, this is often not noticed in practice, as password rules for initial passwords are less used.
Authorization tools are only as good as the person using them. Until now, no tool has made it possible to create ready-made authorization concepts with just a single click.
If you get into the situation that authorizations are required that were not considered in the role concept, "Shortcut for SAP systems" allows you to assign the complete authorization for the respective authorization object.
So much information... how can you keep it so that you can find it again when you need it? Scribble Papers is a "note box" that makes this very easy.
This allows complex authorization checks that are bound to several conditions.
If you want your own developments to meet your security requirements, just like the standard, you must assign table permission groups to the custom tables.