Authorization Analysis
What are the advantages of SAP authorizations?
First, the Web application developers must implement appropriate permission checks and make PFCG available for use in role maintenance in the transaction. This includes the maintenance of proposed values in the transaction SU22. The SAP Note 1413012 (new reusable startup authorisation check) provides all the necessary details.
Many tools that offer to simplify care operations of the transaction PFCG work Excel-based. The complete roll data is stored and processed in Excel. Then the Excel file is uploaded with a special programme and generates roles and role changes. While this all looks very comfortable (and probably is at first), it has its drawbacks in the long run.
Query Data from a Local Table
The Security Audit Log now also logs events where the runtime was affected by the debugger. New message types have also been defined in this context. To install this extension, you will need a kernel patch. For the fixes and an overview of the required support packages, see SAP Notes 1411741 and 1465495.
In a local table, find an entry for the user ID that you are creating in the SU01 transaction. For example, such a local table might be an Active Directory replication or a mini personnel master set, or you may have another data source that you replicate to your SAP system. Then, fill in the fields of transaction SU01 with the data from the local table.
However, if your Identity Management system is currently not available or the approval path is interrupted, you can still assign urgently needed authorizations with "Shortcut for SAP systems".
Access to tables and reports should be restricted.
You are free to make any manual adjustments to the field values.