Retain the values of the permission trace to the role menu
Which challenges cannot be solved with authorization tools alone?
First of all, represent your organisation. Map the business processes (if necessary only at the generic level of applications such as MM or CO) across the organisation. On this basis, determine which organisational characteristics (organisational levels, but also cost centres, organisational units, etc.) represent which parts of the organisation. Define (if necessary, only in detail in accounting, otherwise at the level of applications) which functions must necessarily remain separate. If you have a running system, evaluate the use of the last 13 months (see Tip 26, "Use usage data for role definition"). Set up a new system and make sure that processes are always documented to the level of transactions. In such a case, it is also best to collect the business risks directly in the process description.
The Security Audit Log (SAL) has ten different filters in the current releases, which control which events are logged. You can configure these filters via the SM19 transaction. The events are categorised as uncritical, serious or critical.
Advantages of authorization tools
When your selection is complete, just exit the image with the green button. You will now arrive at the Details Selector screen, where you can select the selection fields and the output fields (the List Field Selector and Selection Fields tabs) of your table combination. We select the authorization objects and values as selection and the role name, and the user as output fields. Done! Now the query can be started with the Run button. In the background, the system creates a programme that builds the join. As a result, a selection screen appears. Enter"S_TCODE"as object and"SCC4"as field value (we only have one field for this object). When you click Run, all users and the triggers are output to you.
Object Privileges: Object Privileges are SQL permissions that control access to and modification of database objects (as a whole). The type of object (table, view, procedure) determines which database operations can be authorised. Database operations include SELECT, UPDATE, ALTER, DROP, and DEBUG.
Secure your go-live additionally with "Shortcut for SAP systems". You can assign necessary SAP authorizations quickly and easily directly in the system.
This must be clarified quickly in the event of a cleanup.
To do this, create a new view in the SE11 transaction and add the table to which the constraint will apply on the Tables/Join Conditions tab.