Trace after missing permissions
Customise SAP_ALL Profile Contents
You can limit the recording to a specific user. You can also use the trace to search only for permission errors. The evaluation is similar to the evaluation of the system trace in the transaction ST01. In transaction STAUTHTRACE, however, you can also evaluate for specific authorization objects or for specific permission check return codes (i.e. after positive or negative permission checks). You can also filter multiple entries.
If you do not have authorization e.g. for a transaction and you get a message that you are missing authorization, you can use transaction SU53 to analyze the missing authorization. This transaction shows the last failed authorization check, including the authorization objects and authorization fields.
Authorization concepts in SAP systems
You use the RSUSR010 report and you do not see all transaction codes associated with the user or role. How can that be? The various reports of the user information system (SUIM) allow you to evaluate the users, permissions and profiles in the SAP system. One of these reports, the RSUSR010 report, shows you all executable transactions for a user, role, profile, or permission. Users of the report are often unsure about what this report actually displays, because the results do not necessarily correspond to the eligible transactions. Therefore, we clarify in the following which data are evaluated for this report and how these deviations can occur.
SAP Note 1720401 extends the SU10 transaction (mass maintenance of users) with the previously missing option to select users by login date and password changes. The notice adds these features to the RSUSR200 report. This report can also be executed directly using the transaction SU10 and the corresponding permission. After the hint has been inserted, the transaction SU10 will be expanded to include the login data button.
With "Shortcut for SAP systems" you can automate the assignment of roles after a go-live.
However, the customising of the CRM business role may be updated.
However, you can maintain your own UI components as external services with suggestion values in the SU24 transaction and take advantage of this information in PFCG role maintenance.