Structural authorizations
Ensuring secure administration
Role credentials saved by the last edit are displayed. This option is not recommended if transactions have been changed in the Role menu.
The programmer of a functionality determines where, how or whether authorizations should be checked at all. In the program, the appropriate syntax is used to determine whether the user has sufficient authorization for a particular activity by comparing the field values specified in the program for the authorization object with the values contained in the authorizations of the user master record.
Error analysis for authorizations (part 1)
If an authorization system grows too much over the years and there is no structured approach, the result is uncontrolled growth. If companies wait too long with the cleanup, a complete rebuild of the authorization structure or a new concept may make sense. This must be clarified quickly in the event of a cleanup.
The permission checks are logged as part of the system trace in transaction ST01. It records all permission checks and validated permission values for a specific application server, and specifies, depending on the client, whether the permission checks were successful or not. The Trace display has now been improved (see also SAP Note 1373111).
The possibility of assigning authorizations during the go-live can be additionally secured by using "Shortcut for SAP systems".
The object has the fields AUTHPGMID, AUTHOBJTYP and AUTHOBJNAM, which correspond to the key fields PGMID, OBJECT and OBJ_NAME of the object catalog (table TADIR).
This function block not only responds to a missing permission when the programme starts, but can also specify that only the NO-CHECK check marks maintained in the transaction SE97 allow external calling from another transaction context.