User Interface Client Permissions
Reference User
Certain SAP authorizations, including those for table maintenance (S_TABU_*) require special attention for data protection reasons. These are known as critical authorizations. In the course of authorization planning, a company should determine which authorizations are to be considered critical, which roles may receive which critical authorizations or values for critical authorization fields, and so on. The German Federal Office for Information Security has compiled detailed information on defining critical authorizations.
In the SU10 transaction, click the Permissions Data button in the User Selection pane. At this point there is a jump to the report RSUSR002. In the selection screen of the report that appears, you can select the multiple selection to the User field by clicking the arrow button and insert the users from your selection by pressing the button (upload from clipboard).
What are the advantages of SAP authorizations?
Help, I have no permissions (SU53)! You want to start a transaction, but you have no permissions? Or the more complex case: You open the ME23N (show purchase order), but you don't see any purchase prices? Start transaction SU53 immediately afterwards to perform an authorization check. The missing authorization objects will be displayed in "red". You can also run SU53 for other users by clicking on Authorization Values > Other Users in the menu and entering the corresponding SAP user name.
When accessing tables or views, the S_TABU_DIS authorization object is used to grant permission for a specific table permission group in the permission check. Note in this context also Tip 73 "Use authorization objects for table editing" and the S_TABU_NAM authorization object presented there. You can create table permission groups by using the transaction SE54 or by using the V_TBRG_54 care dialogue. They fall under the customising and can only contain four characters until SAP NetWeaver 7.31 SP 2. To create a table permission group, call the SE54 transaction and select Permissions Groups in the Edit Table/View pane. The Create/Modify button provides an overview of the existing table permission groups. For example, this way you can also change the name of a table permission group. In the Table Rights Group overview, click the New Entries button to create a new table permissions group. Give a name for your permission group and a matching name. After you have saved the new entries, your custom table permission group is created.
If you get into the situation that authorizations are required that were not considered in the role concept, "Shortcut for SAP systems" allows you to assign the complete authorization for the respective authorization object.
In the list of executable transactions, you can then double-click on the transaction (for example, PFCG) to view the list of authorization objects and values for that transaction.
At www.sap-corner.de you will also find a lot of useful information on the subject of SAP authorizations.
In the SU10 transaction, click the Permissions Data button in the User Selection pane.