Implementing Permissions Concept Requirements
System Settings
Users can activate or deactivate processes without affecting other processes. For example, they can activate Succession & Development without affecting position management in Employee Central. With the help of the tool, users always know for what purpose a particular user has been given a particular permission. Basic authorizations, which are identical for every user, are only stored once in a platform role. This ensures that system performance remains optimal.
In both cases the transaction S_BCE_68001410 is started. Here you can search for an authorization object by authorization object, authorization object text, object class and other options.
RSUSRAUTH
This solution is only available with a support package starting with SAP NetWeaver AS ABAP 7.31 and requires a kernel patch. For details on the relevant support packages, see SAP Note 1750161. In addition, the SAP Cryptographic Library must be installed; but this is ensured by the required kernel patch. Only if you have manually made a different configuration, you must check this requirement.
Of course, these objects can be adapted to the requirements of a company at any time. If a new program is required in the namespace of a company, the programmer decides which authorization objects should be checked in this program. If the standard objects do not meet the desired requirements, the programmer can create his own authorization objects that contain the required authorization fields.
With "Shortcut for SAP systems" you can automate the assignment of roles after a go-live.
To call up business objects or execute transactions in the SAP system, a user therefore requires the appropriate authorizations.
If you do not want to use reference users, you can hide the Reference User field for additional permissions via a standard variant for the transaction SU01.