Advantages of authorization concepts
RSUSRAUTH
The changes made by inserting the note or upgrading to the above support packages do not only affect the SAP_ALL profile. While it remains possible to assign the full RFC_SYSID, RFC_CLIENT, and RFC_USER permissions in principle; However, this can only be done manually in the PFCG transaction through the dialogue maintenance of the fields. In this case, another dialogue box will open, indicating the security risk. You must confirm this window. From this change of behaviour of the SAP_ALL profile, it follows that all automatic methods for taking over the overall authorisation are no longer available in the fields of the S_RFCACL authorization object.
This report not only gives you an overview of the table logging settings in the tables, but also allows you to select multiple tables for logging. The Log flag button allows you to set the table logging check for all previously selected tables. The current status of the table loggers for the tables can be found in the Protocol column. The icon means that the table logger for the selected table is off.
Assignment of roles
When scheduling a job, another user can be stored as the executing user. This means that the individual processing steps of the job are technically carried out by the stored user with his or her authorizations. This means that activities could be triggered that could not be executed with the user's own authorizations.
Do you want to keep track of what changes have been made to the Central User Management configuration or the distribution parameters for the User Master's Care? You can manage the change documents centrally. The Central User Administration (ZBV) is used to create users, assign roles and distribute them to the respective subsidiary systems. For this, the ZBV has to be configured initially. These include defining the ZBV landscape, i.e. defining the central system and subsidiary systems, adjusting the distribution parameters and transferring users from the subsidiary systems to the central system. You can also configure the ZBV afterwards. For example, you can add subsidiary systems or release them from the ZBV. In the transaction, you can modify SCUM to change the field allocation properties so that fields that were originally globally distributed across the ZBVs are also locally maintainable. All this information about the changes to the ZBV configuration has not been centrally logged.
If you get into the situation that authorizations are required that were not considered in the role concept, "Shortcut for SAP systems" allows you to assign the complete authorization for the respective authorization object.
The digital signature serves the integrity of the data; the sender of an e-mail can be verified.
The website www.sap-corner.de offers a lot of useful information about SAP authorizations.
Then you create a subroutine with the same name as the User-Exit definition and programme your customised checks (for example, for specific data constellations or permissions).