Centrally review failed authorisation checks in transaction SU53
Testing Permission
After successful implementation of your permission check, the new authorization object for your application must be maintained in transaction SU24. If your solution is distributed in other system landscapes, the authorisation proposals in the transaction SU22 are maintained. In addition, with the permission proposal value maintenance, you can make sure that the new authorization object is not forgotten in a role system, because it is now loaded automatically into the PFCG role when the application is called up via the role menu. In the final step, the permission administrator can create the PFCG role or must remix the existing PFCG roles.
The selection mask for selecting change documents in the transaction SCUH is divided into four sections: Standard selection (similar to other SUIM reports), output, selection criteria, and distribution parameters. In the default selection you have the option to specify for which model view, for which modifier (Modified by) and for which time period you want to view change documents.
What to do when the auditor comes - Part 2: Authorizations and parameters
Service users are used for multi-person anonymous access, such as Web services. This type of user is also dialogical, i.e. it can log on to the SAP system via SAP GUI. With a service user, multiple logins are always possible, and password modification rules do not work. This behaviour has changed with the introduction of security policy. Because previously all password rules for the service user were invalid, and now the rules for the contents of the passwords also apply to the service user (see Tip 5, "Defining User Security Policy" for details on security policy). The password of a service user always has the status Productive and can only be changed by the user administrator.
The generic entries cause deletions in the target system if the same entries originate from both development systems. To prevent this, insert SAP Note 1429716. Then use the report SU24_TRANSPORT_TABLES to transport your SU24 data. This report creates a detailed transport BOM based on the application names. Since the report has significantly higher maturities than step 3 of the transaction SU25, we advise you to apply this report only in a Y-landscape.
"Shortcut for SAP systems" is a tool that enables the assignment of authorizations even if the IdM system fails.
At least one separate file is created for each day.
When deleting or adding transactions in the role menu of PFCG roles, the respective permissions in the PFCG role have the Maintenance Status Standard.