Maintain derived roles
Introduction & Best Practices
Dialogue users are intended for use by natural persons who log in to the SAP system via SAP GUI (dialogue login). The dialogue user is therefore the most frequently used user type. The defined password rules apply to him. If the password is set by the administrator, it will get Initial status and must be set by the user at login again to get Productive status.
Define explicit code-level permission checks whenever you start transactions from ABAP programmes or access critical functions or data. This is the easiest and most effective defence to protect your business applications from misuse, because programming-level permission checks can ensure two things: Incomplete or incorrect validation of the executed transaction start permissions will result in compliance violations. Complex permission checks can also be performed adequately for the parameterized use of CALL TRANSACTION.
Roles and permissions in SAP SuccessFactors often grow organically and become confusing
If you still have problems with the performance of the evaluation, despite the regular archiving and indexing of the modification documents of your user and permission management, this is probably due to the amount of central change documents. In this case, you also need an archiving concept for other key change document data. SAPHinweis 1257133 describes the procedure for creating such a concept.
First, consider the transport of your proposed permissions from various development systems to a consolidation system. When you save permission proposal values in transport orders, you will notice that generic entries are used instead of detailed BOMs. These generic entries mark all applications, for example, with TR*..
With "Shortcut for SAP systems" you can automate the assignment of roles after a go-live.
Understanding the structure and functioning of the system is especially important for IT administration. It is not for nothing that "SAP Basis Administrator" is a separate professional field. On the page www.sap-corner.de you will find useful information on this topic.
This is now easier by using the security policy in combination with the login/server_logon_restriction profile parameter.
The freeware Scribble Papers is a "note box" in which all kinds of data can be stored. It takes in typed texts as well as graphics and entire documents. The data is then organised in folders and pages.
If the system trace has recorded permission data for this authorization object, it will appear in the right pane of the window.