Maintain generated profile names in complex system landscapes
Critical authorizations
If you select the SU24 Data Initialisation button, step 1 is the same and you overwrite your SU24 data with the SU22 data for the selected applications. The Auto Sync selection corresponds to step 2a. All new SU22 data will be transferred to the transaction SU24. Modified SU24 data is detected and must be matched manually. However, this information is provided to you in the Determined Synchronisation Status column. If you want to keep your SU24 data as it is for certain applications, select the button Set Status"Verified". To give you more transparency about the impact of your activities, there is a role usage proof via the Roles button. This allows you to check the roles in which the selected applications are used. With the Change Preview selection, you can see which suggestion values would be changed for your selection in the transaction SU24.
Before using the system recommendations, we recommend that you implement the corrections in SAP Notes 1554475 and 1577059. It is also necessary that the systems to be managed are connected to the SAP Solution Manager and that in the transaction SMSY were assigned to a productive system and an SAP solution. Then, in the System Recommendations settings, schedule a background job that collects the relevant information about the attached systems. Relevant information is your release and support package stand, as well as SAP notes and their versions. An OSS connection from the SAP Solution Manager, which you have to set up beforehand, will then perform a calculation in the SAP Global Support Backbone, which will determine the necessary information, i.e., that the SAP Solution Manager itself hardly generates any load from the calculation. To automatically check the security level of your systems, you should also schedule this calculation as a background job.
Conclusion and outlook
SAP authorizations control the access options of users in an SAP system - for example, to personal data. Secure management of this access is essential for every company. This makes authorization concepts, authorization tools and automated protection of the SAP system all the more important in order to meet the stringent legal requirements with little administrative effort.
You can adjust these evaluation methods in the table T77AW or in the transaction OOAW. To do this, select the respective evaluation path by selecting it, and click on the evaluation path (individual maintenance) in the menu on the left. The table that appears defines the relationships between the objects. For SAP CRM only the objects Organisational Unit (O), Headquarters (S), Central Person (CP) and User (US) play a role. For simplicity, you can now copy the lines that use the Person (P) object. Enter a new number here and replace the object P with the object CP.
Secure your go-live additionally with "Shortcut for SAP systems". You can assign necessary SAP authorizations quickly and easily directly in the system.
If the Step user does not have a matching permission, an error message is displayed.
SAP CO can be subdivided into several further subareas.