SAP FICO Authorizations
User Information System (SUIM)
The view of the executable transactions may differ from the transactions for which the user has permissions, because the RSUSR010 report displays only the transactions that are actually executable. Starting a transaction requires more than the S_TCODE authorization object; the following conditions must also be met. For certain transactions, additional authorization checks are performed before the transaction starts. The authorization objects for these checks are entered for the transaction in SE93 (table TSTCA); examples are checks against the P_TCODE, Q_TCODE, or S_TABU_DIS authorization objects. The transaction code must also be valid (i.e. entered in the TSTC table) and must not be locked by the system administrator (in the SM01 transaction).
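The conditions above, as an added example that is not SAP code and not part of the original page: a simplified Python model of why the S_TCODE list and the executable list differ. The transaction codes, table contents, check order, and the helper names covers, has_auth, classify and report are assumptions made for illustration.

```python
# Constructed sample data standing in for TSTC, SM01 locks and TSTCA.
TSTC = {"ZFI01", "ZFI02", "ZHR01", "ZTAB1"}     # valid transaction codes
LOCKED = {"ZTAB1"}                              # locked by the administrator (SM01)
TSTCA = {                                       # extra check before start (SE93)
    "ZHR01": ("P_TCODE", {"TCD": "ZHR01"}),
    "ZTAB1": ("S_TABU_DIS", {"ACTVT": "03"}),
}

def covers(pattern, value):
    """Match one authorization value; only a trailing '*' is modelled."""
    if pattern.endswith("*"):
        return value.startswith(pattern[:-1])
    return pattern == value

def has_auth(user_auths, obj, required):
    """True if one authorization for obj covers every required field value."""
    for auth_obj, fields in user_auths:
        if auth_obj == obj and all(
            any(covers(p, val) for p in fields.get(field, ()))
            for field, val in required.items()
        ):
            return True
    return False

def classify(user_auths, tcode):
    """Return 'executable' or the first condition that fails (assumed order)."""
    if tcode not in TSTC:
        return "not in TSTC"
    if tcode in LOCKED:
        return "locked (SM01)"
    if not has_auth(user_auths, "S_TCODE", {"TCD": tcode}):
        return "no S_TCODE"
    if tcode in TSTCA:
        obj, required = TSTCA[tcode]
        if not has_auth(user_auths, obj, required):
            return "missing " + obj
    return "executable"

def report(user_auths, tcodes):
    """Classify each transaction code the role's S_TCODE values name."""
    return {t: classify(user_auths, t) for t in tcodes}

# Constructed user: S_TCODE names five transactions, but not all can start.
USER = [
    ("S_TCODE", {"TCD": ["ZFI*", "ZHR01", "ZTAB1", "ZOLD9"]}),
    ("S_TABU_DIS", {"ACTVT": ["03"], "DICBERCLS": ["*"]}),
]
print(report(USER, ["ZFI01", "ZFI02", "ZHR01", "ZTAB1", "ZOLD9"]))
```

When reviewing a role, the transactions that are named in S_TCODE but do not come out as executable are the ones to look at: they point to a missing additional object, a locked transaction, or a stale transaction code.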
Careful maintenance of suggested values in the relevant authorization objects results in recurring benefits when creating and revising roles for Web applications. In addition, the SU25 transaction supports role post-processing in the context of SAP upgrades.
User Interface Client Permissions
If, after an upgrade or after importing a support package, you have used the SU25 transaction with steps 1 or 2a to bring suggested values to the latest SAP system state, you must restore the suggested values to the customer's organisation levels with the PFCG_ORGFIELD_UPGRADE report. To do this, you must run the report for each field; the report's search help shows only the affected organisation levels.
Database schema privileges: Schema privileges are SQL object permissions that control access to and modification of a (database) schema, including the objects contained in that schema. A user who has an object privilege for a schema also has the same object privilege for all objects in that schema.
For example, if you check what table permissions a particular user has based on the S_TABU_DIS authorization object, you will receive information about the table names, the associated table permission group, and the eligible activities.
Therefore, simply change the result area in the Customising window using the following path: Controlling > Income and market segment accounting > Structures > Set result area.