Analyze user buffer SU56
System trace function ST01
The role concept provides that each user can only process the tasks to which he is authorized. It is developed across departments and must protect sensitive data from unauthorized access. A clear role concept enables a modular structure of authorizations without having to create separate roles for each user.
For performance reasons, the SAP kernel checks whether a user is authorised in the permission buffer. However, only profiles and no roles are loaded into the permission buffer. Calling the SU56 transaction will cause you to parse the permission buffer, first displaying your own user's permission buffer. A pop-up window to change the user or authorization object will appear from the Other User/Permissions Object (F5) menu path. Here you can select the user you want to analyse in the corresponding field. The Permissions > Reset User Buffer path allows you to reload the permission buffer for the displayed user.
Implementing the authorization concept in the FIORI interface
Identify the personnel master record associated with the user ID that you are creating in the SU01 transaction. To do this, search within the personnel data for a personnel number that entered this user ID in the System User Name SAP System (0001) subtype of the Communication (0105) info type. Subsequently, fill in the fields of transaction SU01 with the data from the personnel master record.
Documents: The documents in the audit structure describe the audit steps. You can create them in accordance with your audit requirements. You can recognise documents by the symbol. Double-click on this icon to open the document.
Authorizations can also be assigned via "Shortcut for SAP systems".
If the program determines early on that the user does not have the necessary objects in the user buffer, it may abort before the first SELECT and issue an appropriate error message.
Delete SU24 suggestion values without test label reference: This function removes all entries whose check mark is not set to Verify and whose suggestion is not set to Yes.