SAP Authorization Trace - Simple Overview of Authorizations
Authorizations in SAP systems: what admins should look out for
Of course, these objects can be adapted to the requirements of a company at any time. If a new program is required in the namespace of a company, the programmer decides which authorization objects should be checked in this program. If the standard objects do not meet the desired requirements, the programmer can create his own authorization objects that contain the required authorization fields.
In addition, you can also define customised permission checks in the SOS and also define combinations of authorization objects and their values. You can create up to 1,000 custom permissions checks in the Check ID namespace 9000 to 9999. You can also redefine whitelists for these permission checks, which apply to either individual or all of the customer's permission checks. The configuration is described in SAP Note 837490.
Error analysis for authorizations (part 1)
In addition to existing authorization objects, you can also create your own authorization objects and select existing authorization fields such as Activity (ACTVT). To the individual fields then, as with ACTVT, the permissible options which are deposited at the field can be specified. Thus, for an own authorization object with the authorization field ACTVT, the activity 01 Add or Replace, 02 Change and 03 Display can be selected and would then be available as a selection in the authorization field in the role maintenance.
This report not only gives you an overview of the table logging settings in the tables, but also allows you to select multiple tables for logging. The Log flag button allows you to set the table logging check for all previously selected tables. The current status of the table loggers for the tables can be found in the Protocol column. The icon means that the table logger for the selected table is off.
During go-live, the assignment of necessary authorizations is particularly time-critical. The "Shortcut for SAP systems" application provides functions for this purpose, so that the go-live does not get bogged down because of missing authorizations.
Structural authorizations should therefore only be used together with general authorizations.
This is two months in the SAP standard; You can also extend this time period.