SAP systems: Control user authorizations with a concept
Existing permissions
The next step is to maintain the permission values. Here, too, you can take advantage of the values of the permission trace. When you switch from the Role menu to the Permissions tab, you will generate startup permissions for all applications on the Role menu and display default permissions from the permissions suggestions. You can now add these suggested values to the trace data by clicking the button trace in the Button bar.
However, the greatest advantage is the consistent use of reference users for performance. The use of reference users reduces the number of entries per user in the user buffer, i.e. in the USRBF2 table. This is because the entries in the user buffer only have to be stored once for the reference user and not more times for the inheriting users. This reduction in the table contents of the USRBF2 table will improve performance when performing eligibility tests.
Permissions objects already included
Once you have logged in, the permissions associated with your user (via the user account) will be available. Each of your actions leads to the use of runtime versions of the corresponding objects. This also applies to every privilege and role. Runtime versions of rolls are not transportable in SAP HANA. However, in order to achieve a high quality in the development of your applications, you should use a system landscape with development system (DEV), quality assurance system (QAS) and productive system (PRD). To enable you to translate development results to QAD and PRD, SAP HANA Studio provides you with the opportunity to create objects in a (freely definable) Design Time Repository that you can provide and transport via Delivery Units to other systems.
These single roles can also be combined into composite roles. I recently discussed the special features of this in the article "SAP Authorizations Mass Maintenance Single Role Assignments in Composite Roles per Function Module (FuBa) or Transaction Code", but here I would rather discuss the roles and assignment of authorization object field values in role maintenance with the PFCG for an authorization overview.
Authorizations can also be assigned via "Shortcut for SAP systems".
If you want to know more about SAP authorizations, visit the website www.sap-corner.de.
If compensating controls have been implemented for this purpose, it is helpful if the IT department also knows about this so that it can name these controls to the IT auditor.
This verification of certificates ensures that no existing certificates are added in the template and that only one certificate is entered to an e-mail address.