Maintain authorization objects more easily
Know why which user has which SAP authorization
You are using the SAP_ALL profile for interface users, and after upgrading to a new Support Package, do you get permission errors? While we cannot recommend using the SAP_ALL profile, we describe how you can resolve this problem in the short term. In newer SAP NetWeaver releases, the SAP_ALL profile no longer contains permissions for the S_RFCACL authorization object. This can lead to permission errors, such as for interface users who have the SAP_ALL profile assigned to them. Please note that we can only recommend using the SAP_ALL profile for absolute emergency users. Therefore, instead of applying this tip, you should preferably clear the permissions of your interface users. To learn how to do this, see Tip 27, "Define S_RFC permissions using usage data." However, such a cleanup of the privileges of your interface users cannot happen overnight. Therefore, we will explain how to resolve the issue in the short term.
In order to use the statistical usage data, you must first extend the default SAP value of the retention time to a reasonable period of time. For a representative period, a minimum of 14 months and a maximum of 24 months shall be sufficient. This includes day-to-day business, monthly financial statements, underyear activities such as inventory and annual financial statements. Now call the transaction ST03N and navigate to: Collector & Perf. Database > Performance Database > Workload Collector Database > Reorganisation > Control Panel.
Deletion of change documents
The difficulty in assigning permissions to the S_DATASET object is determining the correct values for the FILENAME and PROGRAMME fields. If you have not specified a path in the FILENAME field, only the files in the DIR_HOME directory will be allowed.
HR authorizations are a very critical issue in many companies. On the one hand, HR administrators should be able to perform their tasks - on the other hand, the protection of employees' personal data must be ensured. Any error in the authorization system falls within the remit of a company's data protection officer.
Secure your go-live additionally with "Shortcut for SAP systems". You can assign necessary SAP authorizations quickly and easily directly in the system.
Instead, the aggregated values are entered separately in each field.
However, the authorization trace is not active by default, but must be explicitly activated via the profile parameter "auth/authorization_trace".