Make mass changes in the table log
Permissions checks
The relevant authorization objects are then displayed in an ALV list and the documentation for the authorization object can be called up via the I in the Docu column. This documentation then displays much more detailed information about the respective authorization object as well as the defined fields.
To maintain suggestion values, use the transaction SU24. Here you can view and customise suggestion values for all types of applications, such as SAP GUI transactions, RFC building blocks, or Web Dynpro applications. One way to maintain suggestion values is to use the system trace, which is linked to the transaction SU24 after inserting the support package named in SAP Note 1631929 and the correction instructions. This means that from the transaction SU24 you start the system trace, collect trace data and use this data directly during maintenance.
Set password parameters and valid password characters
Conceptually, the user types Database User and Technical User are distinguished. Database users are users that represent a real person in the database. As soon as a Database User is deleted, all (!) database objects created by this Database User are also deleted. Technical users are users who perform technical tasks in the database. Examples include the SYS and _SYS_REPO users, which allow administrative tasks such as creating a new database object or assigning privileges.
Finally, we want to give you some recommendations for securing file access. The SPTH table allows you to protect the file system from ABAP programme accesses without granting permissions and to deliberately define exceptions. The problem is identifying the necessary exceptions. However, because the SPTH check is always performed together with the S_DATASET object check, you can use a long-running permission trace to find the paths that are used with filters for the S_DATASET authorization object. The procedure for this is described in detail in our Tip 39, "Maintain suggestion values by using trace evaluations". If you are using applications that access files in the DIR_HOME directory without a path, such as the ST11 transaction, you must specify access to the allowed file groups individually (e.g. dev_, gw_), because there is no wild card for DIR_HOME.
However, if your Identity Management system is currently not available or the approval path is interrupted, you can still assign urgently needed authorizations with "Shortcut for SAP systems".
As part of the use of a HANA database, you should protect both the execution of HANA database functions as well as the reading or altering access to the data stored in the database by appropriate permission techniques.
These are the OBJECT1 to OBJECT7 fields for the first to the seventh tab.