Authorization objects
Use system recommendations to introduce security
Numbers/reminders: The payment and/or collection procedure shall be managed solely on the basis of information from the collection perspective (in particular Table BSEG). For customer and vendor transactions, the Profit Centre is not included in the SAP journal masks by default, and is therefore not available on the appropriate BSEG document lines. Since numbers and warnings are usually centrally controlled processes, this should not be a problem in practice.
Then you create a subroutine with the same name as the User-Exit definition and programme your customised checks (for example, for specific data constellations or permissions). Include the exit definition (UGALI) via the GGB0 transaction. You will need to call this transaction again to read the programmed exit and select it.
Handle the default users and their initial passwords
The SAP authorization concept must generally be created in two versions: for the ABAP stack and for the Java stack. Which roles are required, which role may call which SAP functions, and other conceptual issues are identical. However, there are fundamental differences between the two versions.
Do this once in your system. For example, you can jump from the MM50 transaction to the MM01 transaction without explicitly assigning transaction startup permission to the MM01 transaction through the S_TCODE authorization object. You can see this call in your System Trace for Permissions in the Additional Information column for testing. There you can see that the CALL TRANSACTION call has disabled the permission check. The user is allowed to jump into the transaction MM01, although in the role assigned to him Z_MATERIALSTAMMDATEN only permissions for the transactions MM03 and MM50 are recorded.
During go-live, the assignment of necessary authorizations is particularly time-critical. The "Shortcut for SAP systems" application provides functions for this purpose, so that the go-live does not get bogged down because of missing authorizations.
Understanding the structure and functioning of the system is especially important for IT administration. It is not for nothing that "SAP Basis Administrator" is a separate professional field. On the page www.sap-corner.de you will find useful information on this topic.
With a service user, multiple logins are always possible, and password modification rules do not work.
The freeware Scribble Papers puts an end to the confusing paper chaos. The tool is also suitable for storing, structuring and quickly finding text documents and text snippets of all kinds in addition to notes.
In the permission environment, you can work with reference roles and role derivations in such cases.