Full verification of user group permissions when creating the user
Statistical data of other users
Authorization: An authorization allows a user to perform a specific activity in the SAP system based on a set of authorization object field values. Authorizations allow users to perform actions within the system.
This function was not part of the standard delivery. With the support package named in SAP Note 1860162, the transaction SAIS_SEARCH_APPL is now delivered. This transaction allows you to verify that other applications have startup properties similar to those available in a particular application. For example, we searched for applications with similar functionality as the PPOME transaction provides.
Perform Risk Analysis with the Critical Permissions Report
The next step is to maintain the permission values. Here, too, you can take advantage of the values of the permission trace. When you switch from the Role menu to the Permissions tab, you will generate startup permissions for all applications on the Role menu and display default permissions from the permissions suggestions. You can now add these suggested values to the trace data by clicking the button trace in the Button bar.
Only current profile data is always recorded, so that obsolete profiles and permissions in the target system cannot be deleted by transport. This data remains associated with the users and remains effective until it clears a user synchronisation with the Cleanup option (transaction PFUD).
If you get into the situation that authorizations are required that were not considered in the role concept, "Shortcut for SAP systems" allows you to assign the complete authorization for the respective authorization object.
Please also refer to our explanations on the involvement of your organisation's co-determination body in the storage and use of the statistical usage data.
Based on the authorization concept, the administrator assigns authorizations to users that determine which actions a user is allowed to perform in the SAP system after logging on to the system and being authenticated.