Data ownership concept
Maintain authorization objects more easily
In a local table, find an entry for the user ID that you are creating in the SU01 transaction. For example, such a local table might be an Active Directory replication or a mini personnel master set, or you may have another data source that you replicate to your SAP system. Then, fill in the fields of transaction SU01 with the data from the local table.
Structural authorizations work with SAP HCM Organizational Management. They primarily define who can be seen, but not what can be seen, based on evaluation paths in the org tree. Therefore, structural authorizations should only be used together with general authorizations. The determination works via a so-called authorization profile. In this profile, the evaluation paths are used to define how to search on the org tree. Function modules can also be stored, which can be used to determine objects from Organizational Management using any criteria. This makes the structural authorizations very flexible.
Further training in the area of authorization management
A user trace is therefore also a trace over a longer period of time. Currency of the trace execution, the authorization check is recorded exactly once for each user.
With the SAP NetWeaver 7.03 and 7.30 releases, Web Dynpro ABAP applications (as well as other Web Dynpro ABAP functions, see SAP Note 1413011) have been tested for permission to launch such applications. The authorization object that controls this startup permission is S_START. This authorization object is used in the same way as the S_TCODE authorization object.
With "Shortcut for SAP systems" you can automate the assignment of roles after a go-live.
The specifications for this should already be written down in the SAP® authorization concept.
For example, you can filter the loggers of multiple emergency users.