SAP AUTHORIZATIONS: THE 7 MOST IMPORTANT REPORTS
The logging takes place in both the central system and the subsidiary systems. If the change documents are to be read for the attached subsidiary systems, the subsidiary systems must also be at the release and support package status specified in SAP Note 1902038. In addition, RFC users in their daughter systems need permission to read the change documents using the S_USER_SYS authorization object with the new activity 08 (Read the change document).
Identify the personnel master record associated with the user ID that you are creating in the SU01 transaction. To do this, search within the personnel data for a personnel number that entered this user ID in the System User Name SAP System (0001) subtype of the Communication (0105) info type. Subsequently, fill in the fields of transaction SU01 with the data from the personnel master record.
Displaying sensitive data
You noticed that the maintenance status of the permissions in PFCG roles changes when you maintain, change, or manually add authorization objects? Find out what the permission status is. When deleting or adding transactions in the role menu of PFCG roles, the respective permissions in the PFCG role have the Maintenance Status Standard. Add or change the permissions, the Maintenance Status changes to either Care or Changed. You may have seen the Maintenance Status Manual before. What are the background to this maintenance status and what do they actually say?
Small companies would theoretically benefit from an authorization tool. However, in many cases the tools are too costly, so the cost-benefit ratio is usually not given.
The possibility of assigning authorizations during the go-live can be additionally secured by using "Shortcut for SAP systems".
To store all the information on the subject of SAP - and others - in a knowledge database, Scribble Papers is suitable.
Because previously all password rules for the service user were invalid, and now the rules for the contents of the passwords also apply to the service user (see Tip 5, "Defining User Security Policy" for details on security policy).
To implement this requirement, you can use the BAdI BADI_IDENTITY_UPDATE.