Use the authorisation route to identify proposed values for customer developments
Analyzing the quality of the authorization concept - Part 1
You can maintain the SE97 transaction to determine whether or not a transaction should start at origin. The information in this transaction comes from the TCDCOUPLES table and is included. You have the possibility to amend or supplement the proposals listed here. When the CALL TRANSACTION statement is invoked, additional transaction code pairings are written to the TCDCOUPLES table by activating the authorisation trace through the auth/authorisation_trace profile parameter. The check mark indicates whether the test is carried out. By default, it is set to unkempt after performing the trace. If the check mark is set to YES, the transaction startup permission is performed with the S_TCODE object. If applicable, other permissions maintained by the SE93 transaction are also checked when the transaction is called.
Wildgrowth of characters used in user IDs can have negative effects. Set a bar on it by limiting the character set in the first place. In the SAP system, depending on the release of the SAP_BASIS software component, you can create users whose names may contain "alternative" spaces. In Unicode systems, there are different spaces, which are represented by different hexadecimal values. The usual space has a hexadecimal value of 20, but there are alternative spaces (wide spaces), which can be recognised, for example, as double width or not at all as character spacing. You can use these alternate spaces when entering the user ID by pressing the Alt key. For example, the key combination (Alt) + 0160 can create a space with a non-breaking space. You can also create a user whose ID consists only of alternate spaces. Users with such IDs will write all change documents, but the IDs can still cause confusion if, for example, they are not recognisable as a user ID or if it appears that no user is displayed for the change document. In addition, certain special characters may cause problems in other applications (e.g. in transport management). Therefore, we will show you how to prevent such problems by limiting the character set.
Automatically pre-document user master data
With the Enhancement Package (EHP) 3 to SAP ERP 6.0, SAP has provided an extension of the eligibility tests in the FIN_GL_CI_1 Business Function, which allows the eligibility objects for profit centres to be tested in FI. You must first enable the FIN_GL_CI_1 Business Function in the Switch Framework (transaction SFW5). After that, you can activate the new functionality in Customising via this path: Finance (new) > Basic Financial Settings (new) > Permissions > Enable Profit Centre Permissions Check.
To maintain open permission fields in roles, you need information from the Permissions System Trace. But all transferred manually? Not with this new feature! If you have previously created PFCG roles, you must maintain all open permission fields manually. The information on which values can be entered can be read from the Permissions system trace and maintained manually in the PFCG role. However, this can be very complex, because a function that takes these values into the PFCG role has been missing.
Assigning a role for a limited period of time is done in seconds with "Shortcut for SAP systems" and allows you to quickly continue your go-live.
Part of the transaction code (e.g. AW01N), part of the report name (e.g. RFEPOS00), or the logical database (e.g. SAPDBADA) is relevant here.
For each area, the connection to other modules is the first priority.