Efficient SAP rollout through central, tool-supported management
Best Practices Benefit from PFCG Roles Naming Conventions
A new transaction has been added to evaluate the system trace only for permission checks, which you can call STAUTHTRACE using the transaction and insert via the respective support package named in SAP Note 1603756. This is a short-term trace that can only be used as a permission trace on the current application server and clients. In the basic functions, it is identical to the system trace in transaction ST01; Unlike the system trace, however, only permission checks can be recorded and evaluated here.
This also implies that the change documents must be kept in Excel. The Excel file must not be lost or damaged.
Customising User and Permissions Management
Do you have questions about the SAP authorization concept? Do you want to revise an existing authorization concept or need help assigning SAP authorizations? Our SAP consultants will be happy to support you in all questions regarding the structure and design of SAP authorization concepts. Based on our many years of experience, we have developed best-practice procedures so that we can support you quickly and cost-effectively both with initial implementations and with challenges during ongoing operations. Arrange a no-obligation consultation and take the next step in your digital transformation.
SAP Note 1707841 ships an extension to the system trace in the STAUTHTRACE transaction, which enables the permission trace to be used on all or on specific application servers. To select the application servers on which to start the trace, click the System Trace button. Now select the application servers in the list on which you want to run the system trace and start the trace with a click on Trace. In the evaluation of the Permission trace, an additional column named Server Name appears, showing you the name of the application server on which the respective permission checks were logged.
However, if your Identity Management system is currently not available or the approval path is interrupted, you can still assign urgently needed authorizations with "Shortcut for SAP systems".
Single sign-on (SSO): This solution is useful if you have not yet used SSO for your SAPS systems or if not all SAP systems are integrated into the SSO solution.
We provide you with a transaction database in which the transactions are evaluated with named user license types.