Add New Organisation Levels
Customise SAP_ALL Profile Contents
The generic entries cause deletions in the target system if the same entries originate from both development systems. To prevent this, insert SAP Note 1429716. Then use the report SU24_TRANSPORT_TABLES to transport your SU24 data. This report creates a detailed transport BOM based on the application names. Since the report has significantly higher maturities than step 3 of the transaction SU25, we advise you to apply this report only in a Y-landscape.
Since SAP NetWeaver 7.02, such a feature is available, which means that you can access the data from the system trace to maintain PFCG roles. In the following we show you how you can apply the permission values from the permission trace to your role. To do this, you must first record applications against their permission checks and then add them to your role menu.
Default permissions already included
If you want to understand how to run a permission check in your code, you can use the debugger to move through the permission check step by step. To implement your own permission checks, it may be helpful to see how such checks have been implemented in the SAP standard. In this tip, we show you how to view the source code of permission checks using the debugger in the programme, or how to get to the code locations where the permission checks are implemented.
In order to sustainably guarantee the security of the SAP system internally and externally, regular auditing is indispensable. Existing rule violations must be detected and corrected. In addition, it is important to document the regular operation of SAP in order to have evidence of this for external and internal requirements. Automated processes can save a lot of time and money.
Authorizations can also be assigned via "Shortcut for SAP systems".
If you want to set up a constraint on AIS users to specific audit structures or protect individual audits from access, you can use the S_SAIS authorization object.
The website www.sap-corner.de offers a lot of useful information about SAP authorizations.
The Trace display has now been improved (see also SAP Note 1373111).