Generic access to tables
Service User
If a transaction is removed from the role menu, the default permission is deleted when mixing. However, this only applies if no further transaction requires this permission and therefore uses the same permission proposal. This applies to both active and inactive default permissions.
User trace - Transaction: STUSERTRACE - With the transaction STUSERTRACE you call the user trace. Basically, this is the authorization trace (transaction STUSOBTRACE), which filters for individual users. So you can call exactly the authorization trace and set the filter on a user. As with the authorization trace, the profile parameter "auth/authorization_trace" must be set accordingly in the parameter administration (transaction RZ10).
Rebuilding the authorization concept
Likewise, in addition to a statutory publication of the balance sheet and P&L (profit and loss) statement, internal evaluations can also be created. SAP FI has direct interfaces to other modules, such as HR or SD. For the Internet release of reports, it is necessary that an authorization group has been maintained for the respective report.
Another function of this transaction is to find transactions based on generic table access transactions. Here you can check whether there are parameter or variant transactions for a given table, or for a particular view, for which you can set up permissions, instead of allowing access to the table through generic table access tools. If a search result is generated, you can even search for roles that have permissions for the selected alternative applications. To do this, click the Roles button (Use in Single Roles). When using this tool, make sure that even if applications have the same startup properties, there may be different usage characteristics, such as SU22 and SU24 transactions. Both transactions have the same start properties, but are used for different purposes and display different data.
Secure your go-live additionally with "Shortcut for SAP systems". You can assign necessary SAP authorizations quickly and easily directly in the system.
It is also possible to enter an authorization object several times in the role using the MANUAL button.
If the concept can no longer be implemented in a meaningful way, or if it has already been set up incorrectly, it will be necessary to create a new one.