Analyze user buffer SU56
Since SAP NetWeaver 7.02, such a feature is available, which means that you can access the data from the system trace to maintain PFCG roles. In the following we show you how you can apply the permission values from the permission trace to your role. To do this, you must first record applications against their permission checks and then add them to your role menu.
Single Role: Enables the automatic generation of an authorization profile. The role contains the authorization data and the logon menu for the user.
Authorization concepts in SAP systems
Now, if a user attempts to execute a report (for example, by using the KE30 transaction), the user's permissions for that authorization object are checked. Therefore, you must adjust your permission roles accordingly. If the user does not have permission to access the object, his request is rejected. If it has a corresponding permission, the display will be restricted to the permitted area. Access is still allowed for all characteristics or value fields that are not defined as fields of the authorization object.
For accesses by verifier users (from the table TPCUSERN), the selection parameters of the invoked transaction are logged in the application log and can be evaluated with the report CA_TAXLOG. In the example, the single ledger entry for the vendor account 100000 was invoked.
"Shortcut for SAP systems" is a tool that enables the assignment of authorizations even if the IdM system fails.
SAP Basis is the foundation of any SAP system. You can find a lot of useful information about it on this page: www.sap-corner.de.
You can simply export this table to Microsoft Excel and then evaluate it.
The freeware Scribble Papers puts an end to the confusing paper chaos. The tool is also suitable for storing, structuring and quickly finding text documents and text snippets of all kinds in addition to notes.
If the note is not implemented, use the USOBT_CD and USOBX_CD tables.