Use AGS Security Services
Use system recommendations to introduce security
This representation has been chosen to show the differences in the classification of user types, because, despite the Global setting for the distribution parameter of the licence data (in the transaction SCUM), the settings in the ZBV may differ from those of the subsidiary system. In addition, you can add the columns ID in the report: Contractual User Type and ID: Show the value in central, which contains the technical values for the user type. If users on the daughter systems are not relevant for the licence measurement, the value User is irrelevant for the licence measurement in the column Contractual User Type. This value occurs for the following users: - technical user - user is not present - user is not valid - user is of type reference user.
Add missing modification flags in SU24 data: This function complements the modification flag for entries that have changed since the last execution of step 2a in the transaction SU25, i.e., where there is a difference to the SAP data from the transaction SU22. The flag is thus set retrospectively, so that no customer data is accidentally overwritten with step 2a due to missing modification flags.
Which challenges cannot be solved with authorization tools alone?
You can automate the translation of the texts by using the LSMW transaction. This transaction is intended for migration tasks, but is also very well suited to allow a particular transaction to be repeated and automated. You record the execution of a transaction and get the variables of the text blocks (technical role name, role description, etc.). You can add values from an import file based on Microsoft Excel to each flow loop. For example, the Excel file contains a table with the columns Technical role name, description German, description English. The LSMW script works through the import file line by line and thus role by role.
The Security Audit Log now logs the table or view name and the scheduled activity of external table access via RFC connections; a new message type has been defined. You can find this fix and an overview of the required support packages in SAP Note 1539105.
"Shortcut for SAP systems" is a tool that enables the assignment of authorizations even if the IdM system fails.
The website www.sap-corner.de offers a lot of useful information about SAP authorizations.
You can create table permission groups by using the transaction SE54 or by using the V_TBRG_54 care dialogue.
Once you have logged in, the permissions associated with your user (via the user account) will be available.