BASICS FOR USING SAP REPORTS
Temporarily disable Central User Management
Authorization trace - Transaction: STUSOBTRACE - Transaction STUSOBTRACE is used to evaluate the authorization trace in the SAP system. This is a trace that collects authorization data over a longer period of time in several clients and user-independently and stores it in a database (table USOB_AUTHVALTRC).
See SAP Note 1763089 for information on the system requirements and support packages you need to access the new feature. With these support packages the transaction SAIS, the new AIS cockpit, is delivered. The AIS has thus been switched from the previous role concept to thematic audit structures and offers new functions, such as logging all audit activities. The AIS has existed in the SAP system for quite a long time; It is designed as a tool for testing and evaluating SAP systems and is delivered by SAP ERP to the standard. It includes the function of audit structures, a collection of audit functions on the areas of commercial audit and system audit, including their documentation. The commercial audit includes organisational overviews and balance sheet and process orientated functions. For example, this allows you to evaluate information about financial accounting and tax receipts. The AIS system audit covers general system audits and analysis of users and permissions. For example, it includes functionality to check profile parameters or transport.
SAP FICO Authorizations
When creating the PFCG individual roles in the respective SAP system, you should create the menu structure so that they can be combined with other individual roles in a single role. Once you have created the individual roles with the correct role menu, you can assign them to a collection role. Add the Role Menu to the Collect Roll using the Read Menu button. The menu can now be finally sorted. If changes to the roll menu are necessary, however, you must first make them in the individual rolls and then remix them in the roll roll (using the Mix button, see figure next page above). Transactions from other SAP systems such as SAP CRM, SAP SCM etc. can also be integrated into the NWBC. To do this, you first create the PFCG role for the relevant transactions in the target system. From the individual roles you can create collection roles with a defined menu structure.
To maintain open permission fields in roles, you need information from the Permissions System Trace. But all transferred manually? Not with this new feature! If you have previously created PFCG roles, you must maintain all open permission fields manually. The information on which values can be entered can be read from the Permissions system trace and maintained manually in the PFCG role. However, this can be very complex, because a function that takes these values into the PFCG role has been missing.
If you get into the situation that authorizations are required that were not considered in the role concept, "Shortcut for SAP systems" allows you to assign the complete authorization for the respective authorization object.
These include the overarching goal, the legal framework, a naming convention, clarification of responsibilities and process flows for both user and authorization management, and the addition of special authorizations.
You can do this by assigning permissions through the RESPAREA field, which is used in certain authorization objects in the controlling.