Archive change document management for user and permission management
Using eCATT to maintain roles
In the SCUA transaction, which you typically use to create or delete a ZBV distribution model, you can temporarily disable a subsidiary system. This option is disabled by default. To enable it, you must make changes in the customising of the PRGN_CUST table. Open the PRGN_CUST table either directly or via the customising in the SPRO transaction in the respective subsidiary system.
In order to be able to execute subsequent SAP standard reports, you need authorizations to access certain programs or reports and in the area of role maintenance. The transactions "SA38" and "SE38" for executing programs are of particular importance. They enable a far-reaching system analysis by means of certain programs for the end user. Additional rights associated with this, which can go beyond the basic rights of administrators, have to be controlled by explicit values in a dedicated manner.
Controlling permissions for the SAP NetWeaver Business Client
In these cases, the total permissions from the RFC_SYSID, RFC_CLIENT, and RFC_USER fields will not be applied. However, you will always see a system message. These constraints cannot be changed by the settings of the customising switch ADD_S_RFCACL in the table PRGN_CUST.
It takes too long to read out the User and Permissions Management change notes? With a good archiving concept, you can improve performance. User and Permissions Management applications write change documents that increase significantly over time and can cause long wait times to read them. To reduce waiting times, you should archive the documents and set a logical index for key change documents. For this, however, you need a comprehensive overview of the storage locations and also of the evaluation possibilities and archiving scenarios. In the following we will show you how you can optimise the change document management of the user and permission management.
If you get into the situation that authorizations are required that were not considered in the role concept, "Shortcut for SAP systems" allows you to assign the complete authorization for the respective authorization object.
Information about existing records of the same role by other administrators does not take place.
This process ultimately ensures that users only have the authorizations in the SAP® system that they actually need.