Equal permissions
Compensating measures for segregation of duties conflicts
The permission checks are logged as part of the system trace in transaction ST01. It records all permission checks and validated permission values for a specific application server, and specifies, depending on the client, whether the permission checks were successful or not. The Trace display has now been improved (see also SAP Note 1373111).
Assigning clear authorizations to employees is not a sign of mistrust, but offers a high level of protection - both for the company and for the employees themselves. By assigning SAP authorizations on a role-specific basis, each employee is given access to the system according to his or her task.
Maintain generated profile names in complex system landscapes
Add missing modification flags in SU24 data: This function complements the modification flag for entries that have changed since the last execution of step 2a in the transaction SU25, i.e., where there is a difference to the SAP data from the transaction SU22. The flag is thus set retrospectively, so that no customer data is accidentally overwritten with step 2a due to missing modification flags.
You want to create a permission concept for applications that use SAP HANA? Find out what you should consider in terms of technical basics and tools. As described in Tip 22, "Application Solutions for User Management in SAP HANA", there are different application scenarios where the permission assignment on the HANA database is required.
If you get into the situation that authorizations are required that were not considered in the role concept, "Shortcut for SAP systems" allows you to assign the complete authorization for the respective authorization object.
The freeware Scribble Papers is a "note box" in which all kinds of data can be stored. It takes in typed texts as well as graphics and entire documents. The data is then organised in folders and pages.
You can transfer this folder to a separate PFCG role by locally specifying the PFCG role that contains the GENERIC_OP_LINKS folder in the new PFCG role under Menu > Other Role >.
After these preparations, we now proceed to the expression of the User-Exit in the validation that has just been created.