Retain the values of the permission trace to the role menu
Delete invalid SU24 Checkmarks: This function deletes all records that contain an unknown value as a check mark. This is either C (Check) or N (Do Not Check).
Permissions must have both identical maintenance status (default, maintained, modified, manual) and an identical active status (active or inactive). Exceptions represent changed permissions and manual permissions; these are summarised when the active status is identical.
SAP Authorizations - Overview HCM Authorization Concepts
After activation, advanced security checks are available in the usual development environment within the ABAP Test Cockpit. The ABAP Test Cockpit is a graphical framework for developers. Various test tools, such as the Code Inspector or the SAP Code Vulnerability Analyser, can be integrated into this. All available test tools can be initiated from this central location and present their results in a common view. No training is required to intuit the tool.
The report PRGN_COMPRESS_TIMES provides a remedy. You can call it directly or in the edit mode of a PFCG role in the PFCG transaction via Tools > Optimise User Mapping.
For the assignment of existing roles, regular authorization workflows require a certain minimum of turnaround time, and not every approver is available at every go-live. With "Shortcut for SAP systems" you have options to assign urgently needed authorizations anyway and to additionally secure your go-live.
So much information... how can you keep it so that you can find it again when you need it? That's what Scribble Papers is great for.
The valid programmes or transactions are stored in the SAP TPCPROGS delivery table, but do not follow a uniform naming convention.
First, the Web application developers must implement appropriate permission checks and make PFCG available for use in role maintenance in the transaction.