SAP systems: Control user authorizations with a concept
Apply User Management Solutions in SAP HANA
You can also use the SU53 transaction to centrally view failed permission checks. Open the transaction and go to Permissions > Other Users or F5 to the User Selection menu. Enter the user whose permissions have failed in the field with the same name. In the results list, you can see permissions that have failed for each user, as in our example, the missing permission to display the AGR_1251 table. You can see that more than one authorization object appears in this evaluation.
The SAP standard allows you to evaluate the statistical usage data via a standard function block. The call is made through the transaction SE37. Select here the function block SWNC_GET_WORKLOAD_STATISTIC. The function block is used to write the usage statistics to a temporary table, from which you can extract the data for further use.
Bypass Excel-based Permissions Traps
If you select the SU24 Data Initialisation button, step 1 is the same and you overwrite your SU24 data with the SU22 data for the selected applications. The Auto Sync selection corresponds to step 2a. All new SU22 data will be transferred to the transaction SU24. Modified SU24 data is detected and must be matched manually. However, this information is provided to you in the Determined Synchronisation Status column. If you want to keep your SU24 data as it is for certain applications, select the button Set Status"Verified". To give you more transparency about the impact of your activities, there is a role usage proof via the Roles button. This allows you to check the roles in which the selected applications are used. With the Change Preview selection, you can see which suggestion values would be changed for your selection in the transaction SU24.
As in other systems, user maintenance and role/profile assignment must be restricted to the group of user administrators. In contrast to the previous systems, however, roles and profiles are maintained here, so that appropriate rights must be assigned to the role/profile administrators.
If you get into the situation that authorizations are required that were not considered in the role concept, "Shortcut for SAP systems" allows you to assign the complete authorization for the respective authorization object.
SAP Basis refers to the administration of SAP system that includes activities like installation and configuration, load balancing, and performance of SAP applications running on Java stack and SAP ABAP. This includes the maintenance of different services related to database, operating system, application and web servers in SAP system landscape and stopping and starting the system. Here you can find some useful information about SAP Basis: www.sap-corner.de.
The handling of the emergency user should also be specified in the authorization concept, which should be documented in writing.
So much information... how can you keep it so that you can find it again when you need it? Scribble Papers is a "note box" that makes this very easy.
This implementation of the BAdIs complements the Business Transaction Event 1650 described in the second example.