Query the Data from an HCM Personnel Root Record
Security Automation for HR Authorizations
SAP Note 1854561 provides a new possible value for the auth/authorization_trace parameter: F (trace enabled with filter). This value allows you to limit the authorization trace to values that can be set by the filter. The filters are defined in transaction STUSOBTRACE (see SAP Note 1847663).
The user's access to this program is realized by assigning a role that contains the required transaction including the authorization objects to be checked. A role can contain a large number of authorization objects.
The Security Audit Log can also log customer-specific events in a restricted way, starting with SAP NetWeaver 7.31. The event definitions DUX, DUY and DUZ are reserved for customers and delivered with a dummy expression. For these events, you can then define individually configurable messages using the RSAU_WRITE_CUSTOMER_EVTS function module. To do this, you must first identify the additional necessary events and define their message texts and variables. Note that you may not change the meaning of the message or the arrangement of the variables later, as this would prevent older log files from being readable. Finally, you must include the new message definitions in your filters (transaction SM19). You will find the corrections and an overview of the required support packages in SAP Note 1941526. Since the use of this functionality requires extensive knowledge of the Security Audit Log, it is important that you also consider the recommendations in SAP Note 1941568 and that you have the support of a Basis consultant.
A separate program, a separate authorization. What sounds simple requires a few steps to be learned. Do you want to implement your own authorization checks in your own development or extend standard applications with your own authorization checks? When implementing customer-specific authorizations, a lot needs to be considered. In this tip, we focus on the technical implementation of the authorization check.
This function module not only responds to a missing authorization when the program starts, but can also specify that only the NO-CHECK check marks maintained in transaction SE97 allow external calls from another transaction context.
This also applies to internal processes (such as background jobs) because you do not need to register a password.