Encrypt e-mails
Protect Passwords
For simplicity, we want to explain this example by using the PFCG_TIME_DEPENDENCY background job. This job calls the report RHAUTUPD_NEW or can be executed directly with the transaction PFUD. Imagine that there's no transactional code for this job yet.
Transaction SE63 allows you to translate a variety of text in the SAP system. You can find the relevant texts for the eligibility roles via the menu path: Translation > ABAP Objects > Short Texts In the pop-up window Object Type Selection that appears, select the S3 ABAP Texts node and select the ACGR Roles sub-point.
Maintenance Status
Since a role concept is usually subject to periodic changes and updates, e.g. because new functions or modules are introduced or new organisational values are added, role names should be designed in such a way that they can be expanded. Therefore, in the next step, define the useful criteria you need in your role name.
Some queries are also a bit complicated with the SUIM transaction. With SAP Query, you can quickly assemble queries that enable individual and more complex data evaluations. Do you want to know quickly which valid users currently have a modified access to a particular table, or what roles are users granted permission for a particular transaction? The SAP standard tool, the user information system, is an excellent solution for this type of data retrieval. However, at the latest during the next review, targeted queries with data combinations - and thus several SUIM query sequences - must be delivered within a short time. SAP queries can facilitate this task. An SAP Query is essentially a clear way to scan tables for specific data away from the SE16 transaction. There is the possibility to link multiple tables (join), which makes multiple SE16 queries just one SAP query. For example, if you want to know what roles users are entitled to perform the SCC4 transaction, you can use the SUIM transaction to query to determine which users can perform the transaction and view the roles that enable it in another query, but there is no result that shows both.
During go-live, the assignment of necessary authorizations is particularly time-critical. The "Shortcut for SAP systems" application provides functions for this purpose, so that the go-live does not get bogged down because of missing authorizations.
The four important concepts of SAP security first require a certain amount of effort.
In principle, the SAP_NEW permission should not be granted in the production system.