Every SAP Basis consultant must know these 10 technology trends
For the authorisation requirement of a user, the transactions with user assignment already awarded should be determined accordingly, in order to be able to exclude them when selecting a suitable role. How does this work? There are various ways to identify specific user-assigned transactions, with varying degrees of result. The following article presents two variants. The first section first describes how to use SUIM to address the problem and what problems are encountered. It then explains how the task can be solved by using the transaction SE16N. As in the previous blog post Identifying all transactions of multiple roles, the roles Test_Schmidt1 and Test_Schmidt2 are used for this. Two of the transactions MM01, MM02, MM03 and MM04 were assigned to these roles in different ways. In the Test_Schmidt1 role, the transactions MM01 and MM02 were entered in the Role menu. In the Test_Schmidt2 role, the transaction MM03 was maintained in the menu of the role, but the transaction MM04 was maintained only in the S_TCODE permission object of the role. Both roles have been assigned to the user SCHMIDT_TEST. Identification of certain transactions with user assignment using SUIM This option is useful if only one transaction is to be checked for its existing assignment to a particular user. The audit is carried out here by means of the transaction SUIM. For this purpose, the variant "Roles according to complex selection criteria" has to be executed in the SUIM. After activating the option "With valid assignment of", the corresponding user and the transaction to be checked will be entered here. It is also recommended to hide the display of the collection roles in the search results.
If you now want to change the permission data, you will be asked for values for the appropriate organisation levels. First enter a tilde (~) and define the value later in the derived roles. Maintain the permissions you want and then generate the master role. Adding the organisational level to the master role Step 2: Define derived roles Create derived roles Assign the master role After you have created the master role, it is the derived roles that are in the process. To do this, re-enter a suitable role name via the PFCG. In our example, it is called "findepartment_d01". For a better overview, it is usually useful to name and number the derivatives after the master roles. You can also define the roles according to a different scheme. After you have created the role, you must then enter the master role in the Derive from Role field in the Description tab. Confirm the Auto Enquiries. Customise the Organisation Levels Now go to the "Menu" tab. There you can see that the data from the master role was automatically copied. Since the role has not yet been generated, the Permissions tab is currently highlighted in red. Therefore, call "Change Permissions Data". The first call should automatically open a dialogue to maintain the organisational levels, as they are still empty. If this is not the case, or if you would like to adjust the organisational levels again in a later case, you can also access them via the button Ordende (see screenshot). If everything worked well, you can now see that the permissions were also automatically taken from the master role. If you generate the role, the permission tab will also appear green. Congratulations, you have successfully created a derived role! Repeat step 2 with the additional derivatives to adjust the organisation levels accordingly.
Optimization of the SAP infrastructure
In this step, a dialogue box prompts you to confirm the commit. If the user does not have permission to execute the transaction SPAM or the current queue has not yet been confirmed, the transaction stops SPAM with a message to that effect. CHECK_REQUIREMENTS In this step, different requirements for inserting are checked. There are the following reason that may cause this step to be cancelled: TP_CANNOT_CONNECT_TO_SYSTEM: tp cannot log in to the system database. QUEUE_NOT_EMPTY: There are incomplete OCS jobs in the tp buffer. You can view these jobs using the following tp command: tp SHOWBUFFER
-D SOURCESYSTEMS= TAG=SPAM You cannot resume the processing of the queue until these jobs have been completely processed or deleted from the tp buffer. DISASSEMBLE In this step, files are extracted from the corresponding OCS files and placed in the /usr/sap/trans/data (UNIX) directory.
Critical business processes require a secure, efficient and stable operation of an SAP system landscape. High demands on the management as well as the operation of the underlying SAP NetWeaver platform require competent support in all tasks of planning, support and updating of the SAP Basis. The increase in installed components as well as systems integrated via interfaces expands these needs. Only with professional care and maintenance of its components can SAP NetWeaver bring its advantages as an integrative platform to bear.
Some missing SAP basic functions in the standard are supplied by the PC application "Shortcut for SAP Systems".
As a hint: The menu tab "Jump" allows you to set all namespaces or software components simultaneously to "modifiable" or "non-modifiable".
If all tasks considered to be an interface theme are supported by the SAPBasis, this means a very wide range of tasks.