Hash values of user passwords
Retain the values of the permission trace to the role menu
Adding an authorization object via SU24 alone does not automatically result in a check within the transaction. The developer has to include an authorization check for exactly this object in the program code.
Typically, this includes permissions that can be used to delete change records in the system or electronically erase them. The traceability of changes is also important in the development system, which is why the authorizations listed below should only be assigned very restrictively or only to emergency users.
Change documents
It must be clarified in advance what constitutes a recognized "emergency" in the first place and which scenarios do not yet justify activating the highly privileged user. In addition, this user may only be approved and activated after a justified request and only under the dual control principle. After use, the user must be administratively blocked again immediately.
User master record - Used to log on to the SAP system and grants restricted access to SAP system functions and objects via the authorization profiles specified in the role. The user master record contains all information about the corresponding user, including authorizations. Changes only take effect the next time the user logs on to the system. Users already logged on at the time of the change are not affected by the changes.
However, if your Identity Management system is currently not available or the approval path is interrupted, you can still assign urgently needed authorizations with "Shortcut for SAP systems".
However, it does not restore the old location of the field, because summarised values will no longer be separated when the field is elevated to the organisational level.
The test results in these areas are displayed with a traffic light symbol.