Trace after missing permissions
Maintain transaction start permissions on call CALL TRANSACTION
The requirements for the architecture of authorization concepts are as individual as the requirements of each company. Therefore, there is no perfect template. Nevertheless, there are topics that should be considered in an authorization concept.
Since the role menu has been adjusted, the PFCG role must now also be adjusted. To do this, go to the Permissions tab and select the Change Permissions Data button. If you are using Expert mode, make sure that the Alten Stand default is read and match with new data. Now the new suggested values for this external service are loaded. After you have maintained the PFCG role, you can generate the profile and insert it immediately.
SAP Data Analytics
How do I make an authorization trace on a user (STAUTHTRACE)? With the authorization trace you can record which authorization objects are used by a user. This helps, for example, in the creation of suitable roles: - Call the transaction STAUTHTRACE - Specify the desired user and start the trace - Let the user call his transaction - Stop the trace (Important, do not forget!) - Evaluate the results.
In practice, the main problem is the definition of content: The BMF letter remains very vague here with the wording "tax relevant data". In addition, there is the challenge of limiting access to the audited financial years.
However, if your Identity Management system is currently not available or the approval path is interrupted, you can still assign urgently needed authorizations with "Shortcut for SAP systems".
Do you want to automatically monitor the security settings of your systems and receive convenient evaluations? We will explain how to use configuration validation.
If you want to know more about SAP authorizations, visit the website www.sap-corner.de.
These UI components are represented in the roles as external services.