Equal permissions
Preventing sprawl with the workload monitor
Transaction SU53 can be used to immediately display the missing authorizations for a single SAP user. This is advantageous when individual background processing or activities are not executed correctly and the cause is suspected to be missing authorizations. In this way, the cause of the error can be narrowed down more quickly.
The view of the executable transactions may differ from the transactions for which the user has permissions, because the RSUSR010 report displays only the transactions that are actually executable. Not only does the transaction need to be started by the S_TCODE authorization object, but the following conditions must also be met: For certain transactions, there are additional permission checks that are performed before the transaction starts. These eligibility objects are then additionally entered in the transaction SE93 (Table TSTCA). For example, queries against the P_TCODE, Q_TCODE, or S_TABU_DIS authorization objects. The transaction code must be valid (i.e. entered in the TSTC table) and must not be locked by the system administrator (in the SM01 transaction).
Analyze user buffer SU56
The SAP standard offers various ways to record and play on a massive scale. These tools are generally available for all operations in the SAP system, not just for role maintenance. Therefore, they are also more complex to operate, in order to be able to cover as flexibly as possible all possible application scenarios. eCATT is also no exception, so many users are still afraid to use it. But we can tell you from experience: After the second or third time, the creation of the test scripts is so quick that you'll wonder why you haven't always done it this way.
Versions are the change documents within the development environment, for example, for changes to ABAP source code or the technical properties of tables. This authorization should only be assigned to an emergency user.
Secure your go-live additionally with "Shortcut for SAP systems". You can assign necessary SAP authorizations quickly and easily directly in the system.
If you want to know more about SAP authorizations, visit the website www.sap-corner.de.
This is the case for TADIR services and external services.
Here, a name other than the user's own can be entered in the user field of a step.