Structural authorizations
Essential authorizations and parameters in the SAP® environment
You will also notice that many tables have the table permission group &NC& assigned to them, and therefore differentiation over table permission groups over the S_TABU_DIS authorization object would not work at all. Furthermore, you cannot assign permissions to only individual tables in a table permission group using S_TABU_DIS. In such cases, the investigation shall continue: If the permission check on the S_TABU_DIS authorization object fails, the S_TABU_NAM authorization object is checked next. Allows you to explicitly grant access to tables by using the table name.
With more than 28 users, the simple Copy & Paste in the user selection no longer works. However, this does not mean that you have to care for all users individually! It is common for you to make mass changes to users in the SAP system, such as changing role assignments, locking a group of users, or having to adjust their validity dates. Unfortunately, there is no button in the start image of the transaction SU10 that allows users to be pasted from the clipboard. While Copy & Paste allows you to insert users from the clipboard, this feature is limited to the visible area. Therefore, it is not possible to add a list of more than 28 users, which can be very difficult for long lists.
Deleting table change logs
The general SAP authorizations are used most often and for many things they are sufficient. For example, if only the HR department has access to the SAP HCM system. However, if other users come onto the system and you only want to allow them access to a limited number of personnel, then in the case of the general authorizations you have to deal with the organization key of infotype 1 (VSDK1), which must be hard-coded into the authorization roles. If ESS/MSS or Manager Desktop etc. now come into play, however, this means a large number of authorization roles, namely a separate one for each manager. This makes maintenance and servicing very time-consuming and your authorization concept becomes opaque, which in turn brings the much-quoted auditor onto the scene.
SAP Note 1720401 extends the SU10 transaction (mass maintenance of users) with the previously missing option to select users by login date and password changes. The notice adds these features to the RSUSR200 report. This report can also be executed directly using the transaction SU10 and the corresponding permission. After the hint has been inserted, the transaction SU10 will be expanded to include the login data button.
During go-live, the assignment of necessary authorizations is particularly time-critical. The "Shortcut for SAP systems" application provides functions for this purpose, so that the go-live does not get bogged down because of missing authorizations.
Before you can start upgrading the suggestion values and roles, you need to consider a few things.
You should therefore protect the passwords in your system in various ways.