Object S_BTCH_NAM and S_BTCH_NA1 (use of foreign users in Steps)
Role Management
With the transaction SUIM you can search under roles, roles with different search criteria. The variant "Roles by complex selection criteria" covers all possible selection criteria. However, you can also search only for a specific selection criterion (e.g. only for transactions, only for authorization objects...).
Put the values of the permission trace into the role menu: The applications (transactions, web-dynpro applications, RFCBausteine or web services) are detected through their startup permissions checks (S_TCODE, S_START, S_RFC, S_SERVICE) and can be added to the role menu of your role. In your role, go to the Menu tab and import these applications by clicking Apply Menus and selecting Import from Trace. A new window will open. Here you can evaluate the trace and view all recognised applications in the right window. To do this, click the Evaluate Trace button and select System Trace (ST01) > Local. In a new System Trace window, you can specify the evaluation criteria for the trace, such as the user using the Trace field only for users or the time period over which to record. Then click Evaluate. Then, in the right part of the window, you will see all the applications logged. Select the applications you want to apply to the Roles menu and click Apply. You can now decide how the applications appear in the Role menu. The application can be added to the role either as a permission proposal or as a menu item through the Add drop-down box. They can be displayed as a list or as a panel menu (insert as list) or according to the SAP menu tree in which the application is stored in the SAP menu (insert as SAP menu).
Define S_RFC permissions using usage data
Adapting business processes to legal requirements requires control of users and authorizations. Manage your compliance control permanently without risks. Manage users and their authorizations in all SAP systems centrally and efficiently with our solution for your SAP authorization management: Automatically generate authorization roles for users and assign them.
We recommend you to transport all these changes. Basically, you should always make changes to organisation levels on your development system and then transport them. If you use multiple clients, you should note that the organisation levels and the proposed permissions are client-independent data, whereas the roles and profiles in question are client-dependent. If you are using more than one client, you must also run the PFCG_ORGFIELD_ROLES report in the other mandates to determine the roles that the new organisation level will contain. With the help of this report, you must then rearrange all the roles listed in the Status column: Orgebene in Role are indicated in red. You can select these roles and then use the Reduce in Roles button to adjust them to the new organisation level.
During go-live, the assignment of necessary authorizations is particularly time-critical. The "Shortcut for SAP systems" application provides functions for this purpose, so that the go-live does not get bogged down because of missing authorizations.
These are displayed in the role menu of the PFCG role.
At www.sap-corner.de you will also find a lot of useful information on the subject of SAP authorizations.
The Excel file must not be lost or damaged.