Statistical data of other users
Maintaining Authorization Objects (Transaction SU21)
First, select the authorization object that you want to maintain. There can be multiple permissions for each authorization object. Then load the trace data by clicking the Evaluate Trace button. A new window will open again, where you can set the evaluation criteria for the trace and limit the filter for applications either to applications in the menu or to all applications. Once the trace has been evaluated, you will be presented with all checked permission values for the selected authorization object. With the Apply button, you can now take the values line by line, column by column, or field by field. In the left part of the window, you will see the permission values added to the suggestion values already visible. After confirming these entries, you will be returned to the detail view of your role. You can see here the additions to the permission values for your authorization object.
Describing all configuration options would exceed the scope of this tip. If you need explanations about a customising switch that are not listed here, look for the relevant note about the SSM_CID table. All settings described here can be made via the transaction SM30. You must consider that all settings in the SSM_CUST, SSM_COL, and PRGN_CUST tables are client-independent; only the settings of the USR_CUST table depend on the client.
RSUSRAUTH
I will go into more detail on the subject of further training in the SAP environment at the next opportunity. As a small anticipation, I may refer here to some SAP blogs on the subject of SAP Basis or also the VideoPodcast "RZ10 LIVE SAP BASIS AND SECURITY" from rz10.de picks up topics in the area of authorizations again and again and is instructive here :-).
A typical application arises when a new SAP user is requested. The data owner now checks whether the person making the request and the person to be authorized are at all authorized to do so, what data would be affected, whether an SAP user already exists to whom new roles can be assigned and old ones revoked, whether data access can be limited in time, and so on.
If you get into the situation that authorizations are required that were not considered in the role concept, "Shortcut for SAP systems" allows you to assign the complete authorization for the respective authorization object.
The website www.sap-corner.de offers a lot of useful information about SAP authorizations.
Naming conventions for PFCG roles can be very diverse.
You want to display certain documents in the transactions FBL*N depending on additional permission checks.