Use automatic synchronisation in central user management
Controlling permissions for the SAP NetWeaver Business Client
Only adding an authorization object via SU24 does not automatically result in a check within the transaction. The developer has to include an authorization check exactly for this object in the program code.
In principle, a technical 4-eyes principle must be implemented within the complete development or customizing and transport process. Without additional tools, this can only be achieved in the SAP standard by assigning appropriate authorizations within the transport landscape. Depending on the strategies used, only certain transport steps within the development system should be assigned to users. When using the SAP Solution Manager ("ChaRM") for transport control, for example, only the authorizations for releasing transport tasks should normally be assigned here. The complete processing of a transport in the development system consists of four steps: Creating and releasing a transport request (the actual transport container), creating and releasing a transport task (the authorization for individual users to attach objects to the respective transport request).
RS_ABAP_SOURCE_SCAN
The report RSUSR008_009_NEW (List of users with critical permissions) is provided starting with SAP Web Application Server 6.20 with the following support packages: Release 6.20, starting with SAPKB62039 Release 6.40, starting with SAPKB64003 You can continue using the old reports RSUSR008 and RSUSR009 until release 6.40. The RSUSR008_009_NEW report is delivered with the old SAI proposals for critical credentials already used in the RSUSR009 report.
The call to your implementation of the BAdIs is the last step in the process of storing user data. This applies to all transactions or function blocks that make changes to user data. Therefore, the BAdI is also called during maintenance by the BAPI BAPI_USER_CHANGE. You use this BAPI when you implement a password reset self-service as described in Tip 52, "Reset Passwords by Self-Service." This enables encrypted e-mail delivery of initial passwords within a self-service framework.
Secure your go-live additionally with "Shortcut for SAP systems". You can assign necessary SAP authorizations quickly and easily directly in the system.
SAP Basis is the foundation of any SAP system. You can find a lot of useful information about it on this page: www.sap-corner.de.
Finally, we would like to draw your attention to SAP Note 1781328, which provides the report PFCG_ORGFIELD_ROLES_UPD.
So much information... how can you keep it so that you can find it again when you need it? That's what Scribble Papers is great for.
Learn about a new process that uses timestamps.