OS, Operating Systems
System copy, system update, etc
It is of great importance to keep the knowledge of SAP Basis experts in the company transparent. One possibility is of course to "look over the shoulder" or to ask the expert directly. However, this is very time-consuming and puts a strain on the expert himself.
Whenever you find a red traffic light on the Roles tab in the user master in SU01 - or a yellow traffic light on the Users tab in PFCG, you can usually solve the problem with a simple user synchronization. The fact that such a user adjustment is necessary can have several reasons. Among others: after a role transport to / when assigning users to roles via PFCG after restricting the validity of roles to users when roles are assigned indirectly via organizational management. Users usually notice the problem of a user comparison that has not been carried out quite quickly: Authorizations are missing, although at first glance they are available in the assigned authorization roles. This is because a user is assigned the correct authorization role - but the profile associated with the role is not up to date.
SAP Basis - Administration of SAP system landscapes
In order for the stored business logic of an application to be executed correctly, the executing user must also have the necessary permission objects in the flow logic of the OData services in his role. If Authority Checks are performed here, e.g. to query or change data on the backend server, the corresponding role must be authorised. These permissions are expressed in a role by permission objects, as in any ABAP report. If you follow these steps, your Launchpad users should have the Fiori permissions necessary to launch the launchpad, view all relevant tiles, and run the specific apps with their business logic.
You would like to know more about what is happening on your SAP systems - then I recommend that you take a closer look at the Solution Manager Usage Procedure Logging (UPL) functionality. What code is often executed? Which database tables are accessed regularly? What unused developments exist? - The UPL provides answers to these questions. You can implement the functionality into your existing SAP landscape without additional licence costs and with moderate effort. What information does the UPL provide? Usage Procedure Logging is used to log and record user behaviour data roughly comparable to the ST03N workload statistics. UPL is able to record the call and execution of the following ABAP objects: Reports Functional Blocks Classes Methods Subroutines SQL Calls In addition, UPL is able to detect dynamic programme calls and generate transparency about the modifications used. All usage data is recorded in detail and automated and, if desired, made available centrally in the SAP Solution Manager. Benefits 1) Hardly measurable Performance Impact 2) Central collection of data of all systems in the SAP Solution Manager's BW 3) No complex setup 4) Once activated, the collector and extractor jobs run regularly and without further manual activities Possible usage scenario If you have Solution Manager 7.2 in use, you can use UPL within the framework of "Custom Code Lifecycle Management" (in German: management of customer developments). After one activation of the BW content and some standard jobs, you select one or more systems for which you want to activate UPL. If you already have the SP05 installed, there is a separate "Guided Procedure" for configuring the UPL in SOLMAN_SETUP.
Some missing SAP basic functions in the standard are supplied by the PC application "Shortcut for SAP Systems".
After the query is executed, all the roles assigned to the previously entered user are displayed.
Manual identification of critical SAP permissions is difficult overall.