Make mass changes in the table log
Small companies would theoretically benefit from an authorization tool. However, in many cases the tools are too costly, so the cost-benefit ratio is usually not given.
Run the System Trace for Permissions (ST01 or STAUTHTRACE transaction) to record permission checks that you want to include in the role (see Tip 31, "Optimise Trace Evaluation"). Applications are logged through the Launch Permissions checks.
Maintain authorization objects more easily
If you want to understand how to run a permission check in your code, you can use the debugger to move through the permission check step by step. To implement your own permission checks, it may be helpful to see how such checks have been implemented in the SAP standard. In this tip, we show you how to view the source code of permission checks using the debugger in the programme, or how to get to the code locations where the permission checks are implemented.
The logging takes place in both the central system and the subsidiary systems. If the change documents are to be read for the attached subsidiary systems, the subsidiary systems must also be at the release and support package status specified in SAP Note 1902038. In addition, RFC users in their daughter systems need permission to read the change documents using the S_USER_SYS authorization object with the new activity 08 (Read the change document).
However, if your Identity Management system is currently not available or the approval path is interrupted, you can still assign urgently needed authorizations with "Shortcut for SAP systems".
Structural authorizations work with SAP HCM Organizational Management.
Safeguard measures: In all systems (except for client 000 due to upgrade features), set DDIC to the System user type.