User & Authorization Management with SIVIS as a Service
In these cases, the total permissions from the RFC_SYSID, RFC_CLIENT, and RFC_USER fields will not be applied. However, you will always see a system message. These constraints cannot be changed by the settings of the customising switch ADD_S_RFCACL in the table PRGN_CUST.
Insert SAP Notes 1656965 and 1793961 into your system. With these hints, the report RSUSR_LOCK_USERS is delivered or extended. This report supports automatic selection and blocking of inactive users. To do this, you have to select the criteria in the selection screen of the RSUSR_LOCK_USERS report, according to which you want to lock or invalidate users. You can determine the choice of users by using various criteria. It is recommended to take into account the period since the last login in the Days since last login field and the password status in the Days since password change field. You have the option to check the result of the selection and view the users found. To do this, select the Test of Selection action in the Select Action pane. You can also choose between the User Lock-outs (Local Lock-outs) and User Unlock (Local Lock-outs) actions in this area. You can set the end of a user's validity by clicking the corresponding options for "today" or "yesterday". Note that you can only set the validity for current users.
Assign SAP_NEW to Test
Upgrades also require that the eligibility roles be revised. In this context, you can use the SAP_NEW profile for support. During an upgrade, changes and enhancements to permissions checks are included in SAP NetWeaver AS ABAP. In order for users to continue to perform their previous actions in the SAP system as usual, you as the permission administrator must revise or add to the authorisation expressions within the framework of the established permission concept. Basically, you use the transaction SU25 for this purpose. For the transition period, you can use the SAP_NEW permission until the permission concept is up to date on the new release. Since the handling of SAP_NEW is not always transparent and the question arises, for example, when the profile should be assigned and when not, we explain the background here.
Do you have questions about the SAP authorization concept? Do you want to revise an existing authorization concept or need help assigning SAP authorizations? Our SAP consultants will be happy to support you in all questions regarding the structure and design of SAP authorization concepts. Based on our many years of experience, we have developed best-practice procedures so that we can support you quickly and cost-effectively both with initial implementations and with challenges during ongoing operations. Arrange a no-obligation consultation and take the next step in your digital transformation.
However, if your Identity Management system is currently not available or the approval path is interrupted, you can still assign urgently needed authorizations with "Shortcut for SAP systems".
They enable users to access the applications they need to perform their activities.
In the PRGN_CUST table, set the customising switch REF_USER_CHECK to E.