Calling RFC function modules
Automatically pre-document user master data
You can use the BAdI SMIME_EMAIL of the SMIME extension spot and implement the CERTIFICATE_RETRIEVAL and CERTIFICATE_SELECTION methods according to your requirements. This BAdI is called whenever an encrypted e-mail is sent. An extension allows you to search for a valid certificate at run time (for example, the one with the longest validity) to the recipient's email address in a source you defined. In the default implementation, the BAdI searches for the certificate in the Trust Manager's address book. For details on the availability of BAdIs, see SAP Note 1835509.
Authorization object: Authorization objects are groups of authorization fields that control a specific activity. Authorization objects should always be defined in advance with the user group and then relate to a specific action within the system.
Authorization concept - recertification process
WF-BATCH: The WF-BATCH user is used for background processing in SAP Business Workflow and is created automatically when customising workflows. WF-BATCH is often associated with the SAP_ALL profile because the exact requirements for the permissions depend on the user's usage. The password of the user can be set and synchronised via the transaction SWU3. Safeguard measures: After automatic generation, change the user's password and assign it to the SUPER user group.
Once you have defined your criteria for executing the report, you can create different variants for the report and schedule corresponding jobs to automatically lock down or invalidate the inactive users. If you want to start the report in a system that is connected to a Central User Management, you should consider the following points: You can only set local user locks. You can set the validity period only if the maintenance is set to Local in the settings of the Central User Management (this setting is set in the SCUM transaction).
With "Shortcut for SAP systems" you can automate the assignment of roles after a go-live.
You should always enable table logging for all clients.
To do this, click the Permissions tab.