Set Configuration Validation
Reset passwords using self service
How do I compare roles (RSUSR050)? With the report RSUSR050 you can compare users, roles or authorizations within an SAP system or across systems. To do this, start transaction SE38 and run the above report.
Consulting firms adjust the roles and authorizations in retrospect. This usually means "making the best of it" and making ad hoc adjustments - in other words, not fixing the root cause and cleaning up from scratch. Companies should therefore ask themselves: how can this be avoided? What requirements must a DSGVO-compliant authorization concept fulfill? How can we remain meaningful regarding the authorizations of specific individuals in the system and the purpose of the authorizations?
Security within the development system
Since a role concept is usually subject to periodic changes and updates, e.g. because new functions or modules are introduced or new organisational values are added, role names should be designed in such a way that they can be expanded. Therefore, in the next step, define the useful criteria you need in your role name.
Create a report transaction for the report that is called in the background job. Set up the report transaction in the transaction SE93 and assign the report RHAUTUPD_NEW as a programme. Start the authorisation trace by setting the auth/ authorisation_trace profile parameter to Y or F if you want to work with filters (see tip 38, "Use the SU22 and SU24 transactions correctly"). Now run the job to collect permission checks on the permission trace. Your permission checks should now be visible in the STUSOBTRACE transaction. Now maintain the permission proposal values for your report transaction in transaction SU24 by entering the transaction code in the appropriate field. You will find that no values are maintained. Now switch to Change Mode. You can add your permission suggestions from the trace using the Object > Insert objects from Permissions Trace > Local (see Tip 40, "Use Permission Trace to Determine Suggest Values for Custom Developments"). Add the suggestion values for each displayed authorization object. Now create a PFCG role that includes the report transaction permission and maintain the open permission fields. Then test whether the job can be run with the permissions from the PFCG role.
For the assignment of existing roles, regular authorization workflows require a certain minimum of turnaround time, and not every approver is available at every go-live. With "Shortcut for SAP systems" you have options to assign urgently needed authorizations anyway and to additionally secure your go-live.
In practice, therefore, support staff often help themselves by asking the user to send a screenshot of the transaction SU53.
If you want to know more about SAP authorizations, visit the website www.sap-corner.de.
This report not only gives you an overview of the table logging settings in the tables, but also allows you to select multiple tables for logging.