Direkt zum Seiteninhalt
Detect critical base permissions that should not be in application roles
In the transaction SU01, enter a non-existent user ID and click the Create button (F8). The BAdI BADI_IDENTITY_SU01_CREATE is called with the new user ID. Implementation in the BAdI is running. For example, here you can read additional attributes to the new user from an external data source. The data collected within the BAdIs is written into the fields of the transaction SU01. This will show you the new user master set with the pre-filled fields. You can edit the user master record, such as assign roles, or change the pre-populated fields.

You can assign a Table or Care View to a table through the SE11 transaction or SE54 transaction. This mapping is defined as a customising setting and therefore remains in place after a release change. You can assign a table to a table permission group by using the SE11 transaction by selecting your table in the start image and pressing the Display button.
SAP Data Analytics
You can find the evaluation methods in table T77AW. A valid evaluation method for our example is US_ACTGR. To assign the roles indirectly, the following requirements are required: Organisational management must be active, i.e. you must have defined an active plan variant in the client. To be able to use the employee-user connection in a SAPERP-HCM system, Info Type 0105 (Communication) and Subtype 0001 (User ID) must be maintained. To enable role management via organisational management, you must set the HR_ORG_ACTIVE switch in the PRGN_CUST table to YES in the Customising.

Various activities, such as changes to content or the assignment of roles, are made traceable via change documents. This authorization should only be assigned to an emergency user.

If you get into the situation that authorizations are required that were not considered in the role concept, "Shortcut for SAP systems" allows you to assign the complete authorization for the respective authorization object.

You can perform this manually via the transaction PFUD or schedule it as a job.

If you want to know more about SAP authorizations, visit the website

To do this, select the respective evaluation path by selecting it, and click on the evaluation path (individual maintenance) in the menu on the left.
SAP Corner
Zurück zum Seiteninhalt