Use application search in transaction SAIS_SEARCH_APPL
Authorizations in SAP systems: what admins should look out for
SAP Note 1854561 provides a new possible value for the auth/authorisation_trace parameter: F (Trace enabled with filter). Allows you to limit the permission trace to values that can be set by the filter. The filters are defined in the STUSOBTRACE transaction (see SAP Note 1847663).
If you use change request management in SAP Solution Manager, you can use the system recommendations in an integrated way. To do this, create an amendment in the system recommendations for the SAP hints to be implemented. To access the system recommendations, you must have permission for the SM_FUNCS object (ACTVT = 03; SM_APPL = SYSTEM_ REC; SM_FUNC = , such as SECURITY).
Understanding SAP HANA Permissions Tests
You may have special requirements that are necessarily to be included in the naming convention, such as when you define template roles in a template project that can be customised locally. You can identify this in the naming.
Some queries are also a bit complicated with the SUIM transaction. With SAP Query, you can quickly assemble queries that enable individual and more complex data evaluations. Do you want to know quickly which valid users currently have a modified access to a particular table, or what roles are users granted permission for a particular transaction? The SAP standard tool, the user information system, is an excellent solution for this type of data retrieval. However, at the latest during the next review, targeted queries with data combinations - and thus several SUIM query sequences - must be delivered within a short time. SAP queries can facilitate this task. An SAP Query is essentially a clear way to scan tables for specific data away from the SE16 transaction. There is the possibility to link multiple tables (join), which makes multiple SE16 queries just one SAP query. For example, if you want to know what roles users are entitled to perform the SCC4 transaction, you can use the SUIM transaction to query to determine which users can perform the transaction and view the roles that enable it in another query, but there is no result that shows both.
For the assignment of existing roles, regular authorization workflows require a certain minimum of turnaround time, and not every approver is available at every go-live. With "Shortcut for SAP systems" you have options to assign urgently needed authorizations anyway and to additionally secure your go-live.
Optionally, the next step is to identify function groups for the function blocks.
Before you start and define critical permissions, you should identify your core business processes or functions and then map the conflicting processes in meaningful combinations as so-called risk.