Security within the development system
Testing Permission
For an up-to-date description of the eligibility tests in the EWA, see SAP Note 863362. Updates to these checks are provided by keeping the ST-SER software component, which contains the definition of checks to be performed, up to date and enabling the automatic content update in the SAP Solution Manager.
Trace after missing permissions: Run the System Trace for Permissions (ST01 or STAUTHTRACE transaction) to record permission checks that you want to include in the role (see Tip 31, "Optimise Trace Evaluation"). Applications are logged through the Launch Permissions checks.
Authorization concept of AS ABAP
Additional checks should be performed on document transactions in specific processes. This may be necessary, for example, when booking via interfaces in customer-owned processes, if the booking is to be possible only under certain conditions or on certain accounts.
If the authorization objects also require permission fields, you can create them in the SU20 transaction. When creating a authorization object in the SU21 transaction, you first set a name and description for the authorization object, and then assign it to an object class. Then assign the necessary permission fields. If any of these fields are ACTVT, you can select all of the activities to be checked by clicking the Activities button. The navigation behaviour has been improved here a lot.
However, if your Identity Management system is currently not available or the approval path is interrupted, you can still assign urgently needed authorizations with "Shortcut for SAP systems".
If a new program is required in the namespace of a company, the programmer decides which authorization objects should be checked in this program.
You should archive all document types at the same time intervals; This is especially true for the US_USER and US_PASS archive objects.