Permissions with status
Existing permissions
Authorizations are the main controlling instrument for mapping risk management and compliance. They are used to control all processes in the systems. For the most part, separation of functions is implemented exclusively with authorizations. Therefore, not only the one-time setup of authorizations is relevant, but also the continuous monitoring and control of the authorization assignment. Various tools are available on the market for this purpose. A re-certification process that involves the departments and optimizes the revalidation of authorizations is helpful.
To release jobs - own jobs or jobs of other users - a permission for the object S_BTCH_JOB with the expression JOBACTION = RELE is still required. In running operations, scheduled batch jobs may be cancelled because a step user is deleted or locked. With the help of the BTCAUX09 programme, you can check jobs as an administrator to see if they can be cancelled in the future. If you want to run these jobs under another step user, you can change them either with the transaction SM37 or with the report BTC_MASS_JOB_CHANGE.
General authorizations
CREATE_EMAIL_CONTENT: The example implementation of this method generates the e-mail content. The user ID, the relevant system and the initial password are listed for each user. When the method is called in the Central User Management (ZBV), all initial passwords associated with the system in which the password was reset are listed. You should adapt the content of the e-mail to your requirements.
You may have special requirements that are necessarily to be included in the naming convention, such as when you define template roles in a template project that can be customised locally. You can identify this in the naming.
However, if your Identity Management system is currently not available or the approval path is interrupted, you can still assign urgently needed authorizations with "Shortcut for SAP systems".
The security policy is assigned to the user in transaction SU01 on the Logon Data tab.
You can also find some useful tips from practice on the subject of SAP authorizations on the page www.sap-corner.de.
If you select the SU24 Data Initialisation button, step 1 is the same and you overwrite your SU24 data with the SU22 data for the selected applications.