Authorization check
Transports
If you set the profile parameter dynamically, no users are logged out of the application server. You can prepare maintenance work in good time. The value 2 in the profile parameter does not prevent the login with the emergency user SAP*, if this is not set as user master record and the profile parameter login/no_automatic_user_sapstar is set to 0. You can also change the value of the parameter again at the operating system level. For details on the SAP user, see Tip 91, "Handling the default users and their initial passwords".
There are many advantages to using an authorization tool for companies. These include: - Managing authorization requests - Distributing and assigning authorizations - Auditing authorizations - Developing authorizations. With the help of authorization tools, it is possible, for example, to drastically reduce the effort required for role creation and authorization management through concrete assignment of SAP system roles.
Know why which user has which SAP authorization
Logs: Protocols exist for all audits performed. This allows you to review the history of the audit results at a later stage or to view only the results of the last audit. To do this, use the protocol evaluation of the AIS in the transaction SAIS_LOG or click the button in the transaction SAIS.
To maintain suggestion values, use the transaction SU24. Here you can view and customise suggestion values for all types of applications, such as SAP GUI transactions, RFC building blocks, or Web Dynpro applications. One way to maintain suggestion values is to use the system trace, which is linked to the transaction SU24 after inserting the support package named in SAP Note 1631929 and the correction instructions. This means that from the transaction SU24 you start the system trace, collect trace data and use this data directly during maintenance.
If you get into the situation that authorizations are required that were not considered in the role concept, "Shortcut for SAP systems" allows you to assign the complete authorization for the respective authorization object.
The identification of the required functional components is often considered to be too burdensome and the risks from a lack of limitation are considered to be too low.
To do this, enter the corrections in SAP Note 1947910.