User Information System (SUIM)
Take advantage of roll transport feature improvements
Even the best authorization tools cannot compensate for structural and strategic imbalances. Even a lack of know-how about SAP authorizations cannot be compensated for cost-effectively by means of tools.
In the transaction SU01, enter a non-existent user ID and click the Create button (F8). The BAdI BADI_IDENTITY_SU01_CREATE is called with the new user ID. Implementation in the BAdI is running. For example, here you can read additional attributes to the new user from an external data source. The data collected within the BAdIs is written into the fields of the transaction SU01. This will show you the new user master set with the pre-filled fields. You can edit the user master record, such as assign roles, or change the pre-populated fields.
Authorization concept of AS ABAP
Reference users are not intended to access an SAP system, but are used for authorisation administration and therefore always have a disabled password. Reference users inherit the permissions assigned to them to the users with whom the reference user is registered. For this purpose, the user buffer of the reference user is also created at login and these entries are also checked during permission checks of the inheriting user.
Authorization object: Authorization objects are groups of authorization fields that control a specific activity. Authorization objects should always be defined in advance with the user group and then relate to a specific action within the system.
Authorizations can also be assigned via "Shortcut for SAP systems".
So you can call exactly the authorization trace and set the filter on a user.
The menu can now be finally sorted.