SAP Authorizations A complicated role construct

Direkt zum Seiteninhalt
A complicated role construct
RS_ABAP_SOURCE_SCAN
It is important that after the AUTHORITY-CHECK OBJECT command is called, the return code in SY-SUBRC is checked. This must be set to 0; only then a jump is allowed.

If you have a Central User Administration (ZBV) in use, there are certain dependencies between the base release of your ZBV and the base release of the subsidiary systems. Check the compatibility of your systems before setting the login/password_downwards_ compatibility profile parameter. For details on the technical dependencies between releases, see SAP Note 1458262.
User Interface Client Permissions
Check to see if there are any corrective recommendations to follow for your release. We recommend that you run the SU24_AUTO_REPAIR correction report before executing the transaction SU25 (see tip 38, "Use the SU22 and SU24 transactions correctly"). If necessary, run this report in the old lease, but in any case before importing the new proposal values. Use the test mode of the report to look at possible corrections in advance. In addition, to ensure that you do not lose information with your upgrade work, you can write and release the data from the SU24 transaction on step 3 (customer table transport) in the SU25 transaction to a transport order. This way, a backup of your SU24 data is made. Now the upgrade work can begin. Warning: Do not perform step 1 (customer tables were initially filled), because this overwrites the USOBT_C and USOBX_C customer tables, i.e. the SU24 data, completely with the SAP suggestion values. However, you want to keep your SU24 data and add to the proposed changes for the new release!

Now, if you want to use the debugger, you can set a Session Breakpoint directly from the source code via the button. Once you call the application and reach the relevant point in your code, the debugger starts and you can move through the programme step by step. Make sure to set external breakpoints via the button if you are calling your application via the browser rather than via SAP GUI.

With "Shortcut for SAP systems" you can automate the assignment of roles after a go-live.

Evaluate the security advisories using the system recommendations immediately after the SAP Security Patch Day.

For performance reasons, if you want to archive in shorter intervals, you should always archive all archive objects at the same time and store the PFCG and IDENTITY archive object classes in separate archives.
SAP Corner
Zurück zum Seiteninhalt