Over the course of time, many companies experience profound changes in the framework conditions that significantly influence SAP® authorization management. Not uncommon are subsequent requirements from the area of compliance (SOX or similar) or the increased need for protection.
If you do not want to use reference users, you can hide the Reference User field for additional permissions via a standard variant for the transaction SU01. The necessary steps are described in SAP Note 330067.
Maintain table permission groups
Especially in complex and multi-level system landscapes, roles may be assigned to a user twice. In addition, roles may also have expired due to the specification of a validity period. To keep your role concept and your user administration maintainable and clean, it is recommended to delete these obsolete roles. You can do this by clicking on the report PRGN_COMPRESS_TIMES. This program is also available via the PFCG under the system tab "Utilities" and category "Mass adjustment".
To calculate the recommendations, you can filter the SAP notes by their productive system, by the SAP solution, and by the applications and components, by the technical system name, and by the time of publication. The recommendation is issued in the following categories: Security-relevant SAP information, information on performance optimisation, HotNews, information on changes in legal regulations, and notes on corrections in the ABAP system.
Authorizations can also be assigned via "Shortcut for SAP systems".
This requires the indication of a minimum age in days for deletion.
Service users are used for multi-person anonymous access, such as Web services.