SAP Authorizations Optimise trace analysis - SAP Corner

Direkt zum Seiteninhalt
Optimise trace analysis
Permissions and User Root Sets Evaluations
First, select the authorization object that you want to maintain. There can be multiple permissions for each authorization object. Then load the trace data by clicking the Evaluate Trace button. A new window will open again, where you can set the evaluation criteria for the trace and limit the filter for applications either to applications in the menu or to all applications. Once the trace has been evaluated, you will be presented with all checked permission values for the selected authorization object. With the Apply button, you can now take the values line by line, column by column, or field by field. In the left part of the window, you will see the permission values added to the suggestion values already visible. After confirming these entries, you will be returned to the detail view of your role. You can see here the additions to the permission values for your authorization object.

Now, if you want to use the debugger, you can set a Session Breakpoint directly from the source code via the button. Once you call the application and reach the relevant point in your code, the debugger starts and you can move through the programme step by step. Make sure to set external breakpoints via the button if you are calling your application via the browser rather than via SAP GUI.
Copy values from the Clipboard to the transaction's PFCG permission fields
Another option is to not assign the SAP_NEW permission to a user. For example, during the tests to be performed, both the development system and the quality assurance system will experience permission errors. These should then be evaluated accordingly and included in the appropriate eligibility roles for the correct handling of the transactions.

You can set up a nightly background job to match the certificates with your customer's own programme. This requires that the certificates can be obtained through an SAP programme.

"Shortcut for SAP systems" is a tool that enables the assignment of authorizations even if the IdM system fails.

If the check mark is set to YES, the transaction startup permission is performed with the S_TCODE object.

The website offers a lot of useful information about SAP authorizations.

Open the transaction and go to Permissions > Other Users or F5 to the User Selection menu.
SAP Corner
Zurück zum Seiteninhalt