Maintain derived roles
Maintain batch job suggestion values
Regardless of whether you select the degree of simplification COARS = 1 or 2, you should not enter * or SAPDBPNP (programme name of logical database PNP) in the REPID field. With these values, you allow access to the logical databases SAPDBPNP and SAPDBPAP and thus to all contained root data.
For these scenarios, there are several ways to determine which systems and clients to display to the user in the self-service selection. We therefore describe a possibility that you can use in all scenarios. To do this, use the BAPI BAPI_USER_GET_DETAIL, which you must call for the SAP User ID on all relevant systems. Check the entry for the RETURN table parameter first. If the entry is empty, the user is present in the SAPS system. Any error messages during the call are displayed in this parameter (e.g. if the user is not present). If the PROFILES or ACTIVITYGROUPS table parameters have entries, permissions in this system are assigned to the user. In addition, you can use the REF_USER export parameter to identify a reference user that is associated with it. However, you must also check that it has permissions. You can also determine if a lock exists when you call the BAPI BAPI_USER_GET_DETAIL. To do this, use the ISLOCKED export parameter, which returns a four-character combination of the L (locked) and U (not locked) characters.
Get an overview of the organisations and their dependencies maintained in the system
When were which changes made to a role (PFCG)? In the PFCG, click on Utilities > View Changes in the menu at the top to view the change documents. You will see a detailed list of which user made which change to which object and when.
On the other hand one can call the system trace over the transaction ST01. Here it is possible to set individual filters for the checks. In addition, you can switch off the trade via the "Trace off" button or the F8 key and switch the trace back on via the "Trace on" button that is then displayed or the F7 key. If you click on the button "Evaluation" or the F2 key, you can display the evaluation.
Assigning a role for a limited period of time is done in seconds with "Shortcut for SAP systems" and allows you to quickly continue your go-live.
Up to now, you have had to perform various evaluations with the reports RSUSR200 and RSUSR002 of the user information system (transaction SUIM) and subsequently edit the lists.
The website www.sap-corner.de offers a lot of useful information about SAP authorizations.
This fix extends the naming conventions so that namespaces in the /XYZ/ format can be used up to a maximum of eight characters.