Permissions with Maintenance Status Changed or Manual
Identify Executable Transaction Codes
GET_EMAIL_ADDRESS: The example implementation of this method reads the e-mail address from the system's user master record. Adjust the method if you want to read the email address from another source.
In everyday role maintenance, you often have to change the permission data of a single role again after you have already recorded the role in a transport order along with the generated permission profiles. In this case, you have previously had to create a new transport order because the table keys of the generated profiles and permissions are also recorded for each individual role record, but are not adjusted for subsequent changes in the role data.
Bypass Excel-based Permissions Traps
For an up-to-date description of the eligibility tests in the EWA, see SAP Note 863362. Updates to these checks are provided by keeping the ST-SER software component, which contains the definition of checks to be performed, up to date and enabling the automatic content update in the SAP Solution Manager.
Since at least developers in the development system have quasi full authorizations, as mentioned above, concrete access to a critical RFC connection can therefore not be revoked. Since RFC interfaces are defined for the entire system, they can be used from any client of the start system. Existing interfaces can be read out via the RFCDES table in the start (development) system.
With "Shortcut for SAP systems" you can automate the assignment of roles after a go-live.
This transaction is intended for migration tasks, but is also very well suited to allow a particular transaction to be repeated and automated.
The website www.sap-corner.de offers a lot of useful information about SAP authorizations.
However, if you have used eCATT a few times, it is quite quick.