Translating texts into permission roles
An SAP authorization concept is used to map relevant legal standards and internal company regulations to the technical protection options within an SAP system. Authorization concepts are thus the key to optimal protection of your system, both externally and internally.
If an authorization system grows too much over the years and there is no structured approach, the result is uncontrolled growth. If companies wait too long with the cleanup, a complete rebuild of the authorization structure or a new concept may make sense. This must be clarified quickly in the event of a cleanup.
Preventing sprawl with the workload monitor
The function block was obviously not intended for this use, but our procedure does not affect the programme process and we are not aware of any limitations resulting from this use. You can also apply this procedure to other BTEs that pass data in a similar form. However, you should always exercise caution and check whether the application has already created sum records or whether there are other dependencies. Finally, you will need to create a product you have developed (you can define the name yourself) in the FIBF transaction and assign it to Business Transaction Event 1650 along with the customer's own function block, as shown in the following figure. A custom product may include several enhancements. It forms a logical bracket around the extensions and thus provides a better overview. In addition, it allows for a targeted activation or deactivation of the implementations.
CREATE_EMAIL_CONTENT: The example implementation of this method generates the e-mail content. The user ID, the relevant system and the initial password are listed for each user. When the method is called in the Central User Management (ZBV), all initial passwords associated with the system in which the password was reset are listed. You should adapt the content of the e-mail to your requirements.
The possibility of assigning authorizations during the go-live can be additionally secured by using "Shortcut for SAP systems".
Once you have determined that you want to add more fields to your check, assign your authorization object to the AAAA object class and create a new authorization object.
The authorization object that controls this startup permission is S_START.