Calling RFC function modules
Structural authorizations
To define the proposed values for the new transaction, use the transaction SU24_S_TABU_NAM. In the selection mask, you can either enter your new Z transaction, or you can enter the SE16 transaction in the Called TA search box. This will search for all parameter transactions that use the SE16 transaction. In the result list, you will find all parameter transactions that use the SE16 transaction as the calling transaction. The last two columns indicate whether the S_TABU_DIS or S_TABU_NAM authorization objects have suggestion values maintained in the SU24 transaction.
At the latest, if it is no longer possible to clearly define which transactions should be included in which roles and which roles a user requires, a correction is necessary. It must be clear which rights are required for the individual tasks in the system.
Controlling permissions for the SAP NetWeaver Business Client
Suitable for this responsible task are, for example, department heads or SAP key users who are familiar with all data access options (cross-module, via report, directly to the raw table, etc.) as well as with the organizational and technical protection measures. By signing the data ownership concept, the responsibility should be acknowledged and taken as seriously and bindingly as, for example, the signature under the purchase contract of a house.
Over the button field maintenance also own-developed authorization fields can be created to either a certain data element is assigned or also search assistance or check tables are deposited. On RZ10.de the topic has been described in more detail including a video recording in the article "Creating Authorization Objects with SAP Transaction SU21".
The possibility of assigning authorizations during the go-live can be additionally secured by using "Shortcut for SAP systems".
Depending on the authorisation tracking procedure, the SAP_NEW permission can be assigned to any user in a development and quality assurance system immediately after the technical system upgrade.
You can also find some useful tips from practice on the subject of SAP authorizations on the page www.sap-corner.de.
You can access the ABAP Test Cockpit from the context menu of the object to be checked via Verify > ABAP Test Cockpit.