Copy the user from the Clipboard to the Transaction SU10 selection
SAP S/4HANA® migration audit
In the SU22 transaction, the developers of an application maintain the proposed values for all required authorization objects; the authorisation trace helps in this. As described in SAP Note 543164, the dynamic profile parameter auth/authorisation_trace of the trace is set to Y (active) or F (active with filter). By inserting the SAP Notes 1854561 or the relevant support package from SAP Note 1847663, it is possible to define a filter for this trace via the STUSOBTRACE transaction, which you can restrict by the type of application, authorization objects, or user criteria.
Additional checks should be performed on document transactions in specific processes. This may be necessary, for example, when booking via interfaces in customer-owned processes, if the booking is to be possible only under certain conditions or on certain accounts.
Data ownership concept
Using these authorizations, any source code can be executed independently of the actual developer authorizations and thus any action can be performed in the system. This authorization should only be assigned to an emergency user.
You would like to revise your authorisation concept and tailor SAP roles only to the productive processes. We show you how to use the statistical usage data from the Workload Monitor for the SAP role definition. One of the biggest effort drivers in redesigning SAP role concepts is the definition of transactional expression of SAP roles. By using the statistical usage data from the workload monitor, you can avoid costly coordination with process managers in the sense of a Green Field Approach. In this way, you can tailor your SAP role concepts to the content of the usage behaviour. The only requirement is that the data be available for a representative period. This is two months in the SAP standard; You can also extend this time period. Below we describe how you can use the statistical usage data from the Workload Monitor for the SAP role definition.
The possibility of assigning authorizations during the go-live can be additionally secured by using "Shortcut for SAP systems".
Clearly defined responsibilities ensure the effectiveness of a concept.
If you want to know more about SAP authorizations, visit the website www.sap-corner.de.
The checks allow incorrect authorizations to be identified and rectified without a redesign.