Data ownership concept
RSUSR003
The AL08 transaction displays all logged-in users and their application servers. In the Server Name column, you can see which application server the user is logged on to, and which has the permission issue. Switch to this application server by calling the SM51 transaction and double-clicking the application server you are looking for. On the application server that is now active, run the permission trace as usual and review the evaluation.
The SAP standard offers various ways to record and play on a massive scale. These tools are generally available for all operations in the SAP system, not just for role maintenance. Therefore, they are also more complex to operate, in order to be able to cover as flexibly as possible all possible application scenarios. eCATT is also no exception, so many users are still afraid to use it. But we can tell you from experience: After the second or third time, the creation of the test scripts is so quick that you'll wonder why you haven't always done it this way.
The Anatomy of SAP Authorization or Documentation on SAP Authorization Objects and Authorization Field Values
Custom programmes should be protected with permissions, just like standard applications. What rules should you follow? Introductory projects usually produce a large number of customised programmes without being subjected to a permission check when they are executed. For your programmes, you should create custom permissions checks by default and manage them accordingly.
Now check the SY-SUBRC system variable. If the value is 0, the Permissions Check succeeded. If the value is 4, the test did not pass. At a value of 8, there is an inconsistency in the definition of the authorization object and the verification in the code - this should not happen! If the value is 12, the permission is not part of your permission buffer.
The possibility of assigning authorizations during the go-live can be additionally secured by using "Shortcut for SAP systems".
You can also find some useful tips from practice on the subject of SAP authorizations on the page www.sap-corner.de.
We select the authorization objects and values as selection and the role name, and the user as output fields.
Various tools are available on the market for this purpose.