Structural authorizations
Use automatic synchronisation in central user management
However, it is possible to include the same role in several tasks of different operators within each contract. This increases transparency for you, because all participants can instantly identify which users are editing the role. Before you enable the use of the SCC4 transaction setting for role maintenance, you should release existing role transports to avoid recording conflicts. As a rule, you do not choose the setting depending on your role-care processes; So you have to think very carefully about what the activation will do.
Customising roles are temporary because of their project nature. Therefore, when assigning users, maintain the end date. You cannot also map transactions manually if you created a role directly from a project or project view. Conversely, you cannot use an existing transaction role in the menu as a customising role. The transactions associated with a customising role are not displayed in the Session Manager or the SAP Easy Access menu, but can only be viewed through the view in the customising.
Deletion of change documents
Adapting business processes to legal requirements requires control of users and authorizations. Manage your compliance control permanently without risks. Manage users and their authorizations in all SAP systems centrally and efficiently with our solution for your SAP authorization management: Automatically generate authorization roles for users and assign them.
The valid programmes or transactions are stored in the SAP TPCPROGS delivery table, but do not follow a uniform naming convention. Part of the transaction code (e.g. AW01N), part of the report name (e.g. RFEPOS00), or the logical database (e.g. SAPDBADA) is relevant here. Logical databases (e.g. SAPDBADA, SAPDBBRF) are basic data selection programmes and are particularly used in financial accounting. The permission checks, including the time period delimitation, are implemented in the logical database and work for all reports based on a logical database (e.g. the RAGITT00 grid is based on SAPDBADA and the RFBILA00 balance sheet report is based on SAPDBSDF). When you copy the values from the TPCPROGS table, the TPC4 transaction is quickly configured.
For the assignment of existing roles, regular authorization workflows require a certain minimum of turnaround time, and not every approver is available at every go-live. With "Shortcut for SAP systems" you have options to assign urgently needed authorizations anyway and to additionally secure your go-live.
SAP Note 1854561 provides a new possible value for the auth/authorisation_trace parameter: F (Trace enabled with filter).
The website www.sap-corner.de offers a lot of useful information about SAP authorizations.
For a call of transactions from SAP ERP from the SCM system to work, the RFC connection to be called for each ERP transaction must be maintained.