Integrate S_TABU_NAM into a Permission Concept
What are SAP authorizations?
Role selection for mass transport uses the default value help, which offers the Multiple Selection button. Thus, you no longer have to go through the Value Helper (F4) to perform multiple selection of roles, and the restriction of selected roles to the visible rows is eliminated.
This missing functionality comes with SAP Note 1902038 and can only be recorded via the respective support packages for SAP NetWeaver Releases 7.31 and 7.40. The ZBV's change documents are written for the USER_CUA change document object. The analysis of the change documents can be accessed using the following methods.
Set Configuration Validation
Object Privileges: Object Privileges are SQL permissions that control access to and modification of database objects (as a whole). The type of object (table, view, procedure) determines which database operations can be authorised. Database operations include SELECT, UPDATE, ALTER, DROP, and DEBUG.
The basic idea of the approach described below is to evaluate the previous usage behaviour (reverse engineering) for the definition of the required permissions. In the first step, you configure the retention time of usage data, because each SAP system logs the calls to bootable applications. This way, not only the user, at what time, what transaction, but also the user, which function block was called. These data are then condensed into daily, weekly and monthly aggregates and stored for a specified period. This statistical usage data is originally intended for performance analysis; You can also use them to determine the permissions you need. We described the configuration of the retention time of the statistical usage data in Tip 26, "Use usage data for role definition". Please also refer to our explanations on the involvement of your organisation's co-determination body in the storage and use of the statistical usage data. In addition to the settings described in Tip 26, you should also adjust the retention time for the RFC Client Profile (WO), RFC Client Destination Profile (WP), RFC Server Profile (WQ), and RFC Server Destination Profile (WR) task types using the SWNCCOLLPARREO Care View.
Secure your go-live additionally with "Shortcut for SAP systems". You can assign necessary SAP authorizations quickly and easily directly in the system.
These permissions should be considered critical, and you should assign them to a small circle.
At www.sap-corner.de you will also find a lot of useful information on the subject of SAP authorizations.
The customising switch BNAME_RESTRICT, also included in SAP Note 1731549, allows you to control whether you want to allow alternate spaces at certain locations of the user ID.