Translating texts into permission roles
Use SU22 and SU24 transactions correctly
Note that the S_TCODE authorization object is always filled with the current transactions from the roles menu. If organisational levels are also included that are no longer required, they will be automatically deleted. If, however, organisational levels are added depending on the transaction, they should be maintained first in the eligibility maintenance.
As part of the use of a HANA database, you should protect both the execution of HANA database functions as well as the reading or altering access to the data stored in the database by appropriate permission techniques. Essential to the permission technique are database objects such as tables and views - which allow access to the stored data - as well as executable procedures and users. The specific HANA-specific permissions assigned to a user are referred to as privileges in the HANA context.
Trace after missing permissions
How do I compare roles (RSUSR050)? With the report RSUSR050 you can compare users, roles or authorizations within an SAP system or across systems. To do this, start transaction SE38 and run the above report.
Eligibility objects that were visible in the permission trace are quickly inserted in rolls. But are they really necessary? Are these possibly even critical permissions? A review of the Permissions Concept can reveal that critical permissions are in your end-user roles. We would like to give you some examples of critical permissions in this tip. It is helpful to know which authorization objects are covered by the critical permissions. They must also ask themselves whether the granting of these allowances entails risks.
"Shortcut for SAP systems" is a tool that enables the assignment of authorizations even if the IdM system fails.
It is customary to keep the supporting documents between 12 and 18 months, as this corresponds to the retention periods for the revision.
At www.sap-corner.de you will also find a lot of useful information on the subject of SAP authorizations.
Application Privileges: Application Privileges are specific permissions to access applications based on the features of SAP HANA Extended Applications Services (SAP HANA XS).