Permissions objects already included
Do not assign SAP_NEW
Finally, you can extend your implementation of the BAdIs BADI_IDENTITY_SU01_CREATE and pre-enter additional fields of the transaction SU01. To do this, complete the appropriate SET_* methods of the IF_IDENTITY interface. For example, it is possible to assign parameters that should be maintained for all users, assign a company, or assign an SNC name.
The direct consequences are overauthorized users, a lack of overview and dangerous security gaps. In order to get the system back on track in the long term, a redesign is usually the most efficient solution. Depending on the requirements and project framework, we also rely on proven software solutions from our partners.
User master data
Permissions profiles are transported in the standard (since release 4.6C) with the roles. If you do not want to do this, you have to stop the data export in the source system by the control entry PROFILE_TRANSPORT = NO. The profiles must then be created by mass generation before the user logs are matched in the target system. This can be done via transaction SUPC.
How to maintain security policies and map them to your users is described in Tip 5, "Defining User Security Policy." You need a separate security policy for administrators to implement this tip, which is often useful for other reasons. In this security policy, you then set the policy attribute SERVER_LOGON_PRIVILEGE to 1. For example, you can also include the DISABLE_PASSWORD_LOGON policy attribute setting, because administrators often want to be able to log in with a password on the system.
Secure your go-live additionally with "Shortcut for SAP systems". You can assign necessary SAP authorizations quickly and easily directly in the system.
So much information... how can you keep it so that you can find it again when you need it? That's what Scribble Papers is great for.
To implement the BAdIs, use the transaction SE18; there you can also see the example class CL_EXM_IM_IDENTITY_UPDATE.
Role credentials saved by the last edit are displayed.