Grant spool jobs
Module
The IF_IDENTITY interface of the CL_IDENTITY class provides various methods for maintaining the fields of the user master record. As a template for the implementation of the BAdIs, you can use the CL_EXM_IM_IDENTITY_SU01_CREATE implementation example, which automatically populates the SU01 transaction's surname, space number, phone, email address, user group, billing number, and cost centre fields. This example implementation does not provide an external data source; the user name is set as the last name and fixed values are used for the other fields. At this point, you must complete the implementation, depending on your requirements. There are several possible data sources for the user master data that you can access from the BAdI.
The Security Audit Log (SAL) has ten different filters in the current releases, which control which events are logged. You can configure these filters via the SM19 transaction. The events are categorised as uncritical, serious or critical.
Task & functionality of the SAP authorization concept
Single Role: Enables the automatic generation of an authorization profile. The role contains the authorization data and the logon menu for the user.
SAP Note 1707841 ships an extension to the system trace in the STAUTHTRACE transaction, which enables the permission trace to be used on all or on specific application servers. To select the application servers on which to start the trace, click the System Trace button. Now select the application servers in the list on which you want to run the system trace and start the trace with a click on Trace. In the evaluation of the Permission trace, an additional column named Server Name appears, showing you the name of the application server on which the respective permission checks were logged.
However, if your Identity Management system is currently not available or the approval path is interrupted, you can still assign urgently needed authorizations with "Shortcut for SAP systems".
You can greatly facilitate the maintenance of permissions in controlling by defining the RESPAREA field as the organisational level, and thus using your cost centre and profit centre hierarchies.
The website www.sap-corner.de offers a lot of useful information about SAP authorizations.
By contrast, you will find the relevant user administration change documents in the production systems; Therefore, you should note that when importing roles and profiles in the production systems, no change documents are written.