Full verification of user group permissions when creating the user
Optimise trace analysis
It is important that after the AUTHORITY-CHECK OBJECT command is called, the return code in SY-SUBRC is checked. This must be set to 0; only then a jump is allowed.
Here, too, it is possible to create security and an overview with the help of tools for HR authorizations. The tool creates a clear overview of which data certain users are allowed to access in the SAP system. Based on this, it is possible to develop automatic checks that run in the background and regularly monitor whether changes to authorizations have created critical gaps in HR.
Dialogue user
Transaction SE63 allows you to translate a variety of text in the SAP system. You can find the texts relevant to the permission roles by going to the Translation > ABAP Objects > Short Texts menu. In the Object Type Selection pop-up window that appears, select the S3 ABAP Texts node and select the ACGR Roles sub-point. You can now select the role in the following screen. You must note that the system expects the client to be prefixed, and the next step allows you to maintain the chunk in the target language. The variable AGR_TEXTS 00002 corresponds to the description of the role and the variable AGR_HIERT_TEXT 00001 corresponds to the description of the transactions contained therein. After you have saved the entry, the description of the role is also maintained in the target language, in our example in the English language and visible after the login. Select the source language correctly in the field.
The data that is regulated by the structural authorizations must be hierarchically structured in one of the personnel development components. This could be Organizational Management or Personnel Development, for example. Access can thus be regulated relative to the root object within the hierarchical structure.
Authorizations can also be assigned via "Shortcut for SAP systems".
Up to now, the values of customer-owned applications had to be either manually maintained in the PFCG role, or the suggested values maintenance in the transaction SU24 was performed manually.
The SU10 transaction, as the user administrator, helps you maintain bulk user master records.