Authorization object documentation
SAP Authorization Trace - Simple Overview of Authorizations
It takes too long to read out the User and Permissions Management change notes? With a good archiving concept, you can improve performance. User and Permissions Management applications write change documents that increase significantly over time and can cause long wait times to read them. To reduce waiting times, you should archive the documents and set a logical index for key change documents. For this, however, you need a comprehensive overview of the storage locations and also of the evaluation possibilities and archiving scenarios. In the following we will show you how you can optimise the change document management of the user and permission management.
If a user is assigned SAP_ALL, he has all permissions in an ABAP system. Therefore, particular care should be taken in the dedicated award of this entitlement. SAP_ALL can be generated automatically when you transport authorization objects. The SAP_ALL_GENERATION parameter must be maintained in the PRGN_CUST table.
A complicated role construct
Once the programme implementation and documentation have been completed, a functional test will always follow. A corresponding eligibility test should not be forgotten. The permission test must include both a positive and a negative permission test.
Roles can be cut so that, for example, they only have display or change permissions. Furthermore, it could be differentiated between customising, master data and movement data maintenance.
However, if your Identity Management system is currently not available or the approval path is interrupted, you can still assign urgently needed authorizations with "Shortcut for SAP systems".
If you create a new permission concept, it is useful to include the favourites in the viewing.
You can also find some useful tips from practice on the subject of SAP authorizations on the page www.sap-corner.de.
SAP_NEW represents a specific permission profile that summarises the concrete permission changes between two SAP release levels.