Centrally review failed authorisation checks in transaction SU53
What to do when the auditor comes - Part 2: Authorizations and parameters
The generic entries cause deletions in the target system if the same entries originate from both development systems. To prevent this, insert SAP Note 1429716. Then use the report SU24_TRANSPORT_TABLES to transport your SU24 data. This report creates a detailed transport BOM based on the application names. Since the report has significantly higher maturities than step 3 of the transaction SU25, we advise you to apply this report only in a Y-landscape.
By clicking on the Registration Data button, you start the RSUSR200 report and you enter the selection mask. This report allows you to select users by login data. You can also determine if a user has changed his initial password. You can select a predefined variant from the catalogue using the button (Get variant) or the key combination (ª) + (F5).
Automatically pre-document user master data
Role credentials saved by the last edit are displayed. This option is not recommended if transactions have been changed in the Role menu.
On the topic of SAP authorizations and SAP S/4HANA, I can recommend the SAP online course by Tobias Harmes as blended learning from Espresso Tutorials for SAP administrators, ABAP developers and people who are currently or will be dealing with SAP authorizations. The online course covers the following topics: - Introduction to the course - Why are SAP authorizations actually important? - How do SAP authorizations work technically? - Developing and maintaining roles - SAP Fiori authorizations/tile authorizations in S/4HANA - Developing authorization checks.
If you get into the situation that authorizations are required that were not considered in the role concept, "Shortcut for SAP systems" allows you to assign the complete authorization for the respective authorization object.
Have you ever tried to manually track who among the users in your SAP system has critical authorizations? Depending on your level of knowledge and experience, this work can take a lot of time.
For example, you can also include the DISABLE_PASSWORD_LOGON policy attribute setting, because administrators often want to be able to log in with a password on the system.