Using eCATT to maintain roles
PRGN_COMPRESS_TIMES
You can use the system trace function (transaction ST01) to record the authorization checks in all modes, if the trace and the transaction to be traced run on the same application server. All object fields and their values are recorded during the authorization object check.
In the only method of the BAdIs, CHANGE_ITEMS, programme the necessary checks, such as on specific data constellations or permissions. These can refer to all fields in the FAGLPOSX structure. You do this by specifying that all lines for which the test was not successful will be deleted during the execution of the method. This implementation of the BAdIs complements the Business Transaction Event 1650 described in the second example. You can also use the FB03 transaction to display receipts in the same way that you implement the FB03 filter. In this case, implement the required checks in the BAdI FI_AUTHORITY_ITEM.
Authorization concept
This list in the AGR_1252 table contains both the organisational fields that are shipped in the standard and the fields that you have collected for organisational fields. Unfortunately, the list does not indicate what kind of organisation field it is. But you can find out: Open the PFCG_ORGFIELD_DELETE programme via transaction SA38. The Organisation Level Value Helper (Orgebene) provides a list of all customer-specific organisation fields, because only these can be converted back to normal Permissions Object Fields. Note the implications if you want to actually run this programme.
Every SAP system (ERP) must be migrated to SAP S/4HANA® in the next few years. This technical migration should definitely be audited by an internal or external auditor.
With "Shortcut for SAP systems" you can automate the assignment of roles after a go-live.
In the selection mask, you can either enter your new Z transaction, or you can enter the SE16 transaction in the Called TA search box.
The website www.sap-corner.de offers a lot of useful information about SAP authorizations.
The findings may not have been accepted by the auditors as the lists were visibly manipulated, even if this manipulation was justified.