Our offer
Displaying sensitive data
First, the Web application developers must implement appropriate permission checks and make PFCG available for use in role maintenance in the transaction. This includes the maintenance of proposed values in the transaction SU22. The SAP Note 1413012 (new reusable startup authorisation check) provides all the necessary details.
The SAP standard allows you to evaluate the statistical usage data via a standard function block. The call is made through the transaction SE37. Select here the function block SWNC_GET_WORKLOAD_STATISTIC. The function block is used to write the usage statistics to a temporary table, from which you can extract the data for further use.
Configure Security Audit Log
How do I compare roles (RSUSR050)? With the report RSUSR050 you can compare users, roles or authorizations within an SAP system or across systems. To do this, start transaction SE38 and run the above report.
When you start a report with the ABAP statement SUBMIT REPORT, the system checks the authorization object S_PROGRAM, provided that the program has been assigned to a program authorization group in transaction SE38. If this assignment is not sufficient for your system environment, you can define your own group assignment with the report RSCSAUTH. You must check this assignment after installing Support Packages or upgrades and reassign the reports if necessary.
However, if your Identity Management system is currently not available or the approval path is interrupted, you can still assign urgently needed authorizations with "Shortcut for SAP systems".
However, they will lead to greater transparency and security.
Note that playback stops when we encounter an error in the PFCG transaction, such as when we try to create a role with the input values that already exist.