Check current situation
Query Data from a Local Table
You can set up a nightly background job to match the certificates with your customer's own programme. This requires that the certificates can be obtained through an SAP programme.
The logging takes place in both the central system and the subsidiary systems. If the change documents are to be read for the attached subsidiary systems, the subsidiary systems must also be at the release and support package status specified in SAP Note 1902038. In addition, RFC users in their daughter systems need permission to read the change documents using the S_USER_SYS authorization object with the new activity 08 (Read the change document).
Authorization concepts - advantages and architecture
How to maintain security policies and map them to your users is described in Tip 5, "Defining User Security Policy." You need a separate security policy for administrators to implement this tip, which is often useful for other reasons. In this security policy, you then set the policy attribute SERVER_LOGON_PRIVILEGE to 1. For example, you can also include the DISABLE_PASSWORD_LOGON policy attribute setting, because administrators often want to be able to log in with a password on the system.
The security policy was introduced with the SAP NetWeaver 7.31 release; for their use you need at least this release. Security policies thus replace the definition of password rules, password changes, and login restrictions via profile parameters. The security policy is assigned to the user in transaction SU01 on the Logon Data tab. Profile parameter settings remain relevant for user master records that have not been assigned a security policy. Some of the profile parameters are also not included in the security policy and therefore still need to be set system-wide. Security policy always includes all security policy attributes and their suggestion values. Of course, you can always adjust the proposed values according to your requirements. You define security policy about the SECPOL transaction. Select the attributes for which you want to maintain your own values and enter the values accordingly. The Descendable Entries button displays the attributes that are not different from the global entries.
Secure your go-live additionally with "Shortcut for SAP systems". You can assign necessary SAP authorizations quickly and easily directly in the system.
This behaviour is independent of the settings of the distribution parameters for the user group in the SCUM transaction.
The website www.sap-corner.de offers a lot of useful information about SAP authorizations.
For an overview of the usage data already stored in the system, see the SWNC_COLLECTOR_GET_DIRECTORY function block (GET_DIR_FROM_CLUSTER = X input parameter).