Even if key users (department users/application support) do not have to develop their own authorization objects and cooperation with SAP Basis is always advantageous, there are often technical questions such as "Which users have authorization to evaluate a specific cost center or internal order?
User Management
Suitable for this responsible task are, for example, department heads or SAP key users who are familiar with all data access options (cross-module, via report, directly to the raw table, etc.) as well as with the organizational and technical protection measures. By signing the data ownership concept, the responsibility should be acknowledged and taken as seriously and bindingly as, for example, the signature under the purchase contract of a house.
However, you can also use the proof of use in the authorization object maintenance to search for specific implementation sites. To do this, open the authorization object in the SU21 transaction. Open the proof of use via the button and a pop-up window appears for querying usage modes (for example, using the affected authorization object in programmes or classes). After making your selection in the Usage Proof, all of the affected implementations will be tabulated. Double-click to access the relevant code locations.
Permissions checks
In order to sustainably guarantee the security of the SAP system internally and externally, regular auditing is indispensable. Existing rule violations must be detected and corrected. In addition, it is important to document the regular operation of SAP in order to have evidence of this for external and internal requirements. Automated processes can save a lot of time and money.
If business partners are deposited to the user IDs, the standard evaluation paths lead to a dead end. Adjust it so that the indirect role mapping works anyway. In SAP CRM, you can set up an organisation management, as in SAP HCM. You can maintain organisational units and posts and assign business partners with their user IDs. In SAP CRM, however, there is the specificity that user IDs are not directly assigned to a job, but are usually indirectly assigned by the associated business partner. All persons and organisations involved in business processes are represented as business partners in SAP CRM.
For the assignment of existing roles, regular authorization workflows require a certain minimum of turnaround time, and not every approver is available at every go-live. With "Shortcut for SAP systems" you have options to assign urgently needed authorizations anyway and to additionally secure your go-live.
To store all the information on the subject of SAP - and others - in a knowledge database, Scribble Papers is suitable.
By inserting the SAP Notes 1854561 or the relevant support package from SAP Note 1847663, it is possible to define a filter for this trace via the STUSOBTRACE transaction, which you can restrict by the type of application, authorization objects, or user criteria.
The first call does not display the newly created project.