Search for user and password locks
Add external services from SAP CRM to the proposal values
You can limit the recording to a specific user. You can also use the trace to search only for permission errors. The evaluation is similar to the evaluation of the system trace in the transaction ST01. In transaction STAUTHTRACE, however, you can also evaluate for specific authorization objects or for specific permission check return codes (i.e. after positive or negative permission checks). You can also filter multiple entries.
Personally, I'm a big fan of the role-based authorizations in SAP SuccessFactors and I'm glad the system has such extensive capabilities. To review your need for action in this area, I advise you to ask yourself the following questions: Do you know which users get which SAP authorizations and why? Can you explain the concept to your data protection officer? Is it easy for you to introduce a new process because you know how the authorizations work? If you have to answer "no" here (several times), I recommend you to dedicate yourself to the topic. It will make their lives easier in the future. If you need help with this, feel free to contact us!
SAP Authorization Trace - Simple Overview of Authorizations
You can send a signed e-mail to the system you want to announce the certificate to. For example, this is a useful alternative when emailing addresses outside your organisation. A prerequisite for this solution is that a signature certificate exists for your SAP system, in whose certificate list the certificate authority certificate - or certificates - of your users have been imported.
As with an SAP_NEW role, it is possible to generate an SAP_APP role. As with the SAP_APP profile, all permissions are included here, except the base permissions and the HCM permissions. The ability to create this role with the report REGENERATE_SAP_APP exists after inserting the SAP note 1703299. This report generates a role that is fully usable for all applications. However, we recommend using this role only for development and test systems.
If you get into the situation that authorizations are required that were not considered in the role concept, "Shortcut for SAP systems" allows you to assign the complete authorization for the respective authorization object.
The application developer also decides whether his application provides appropriate roles in addition to privileges.
At www.sap-corner.de you will also find a lot of useful information on the subject of SAP authorizations.
Basically, this is the authorization trace (transaction STUSOBTRACE), which filters for individual users.