Installing and executing ABAP source code via RFC
Suitable for this responsible task are, for example, department heads or SAP key users who are familiar with all data access options (cross-module, via report, directly to the raw table, etc.) as well as with the organizational and technical protection measures. By signing the data ownership concept, the responsibility should be acknowledged and taken as seriously and bindingly as, for example, the signature under the purchase contract of a house.
Eligibility objects that were visible in the permission trace are quickly inserted in rolls. But are they really necessary? Are these possibly even critical permissions? A review of the Permissions Concept can reveal that critical permissions are in your end-user roles. We would like to give you some examples of critical permissions in this tip. It is helpful to know which authorization objects are covered by the critical permissions. They must also ask themselves whether the granting of these allowances entails risks.
SAP Authorization Trace - Simple Overview of Authorizations
Administrative activities are used to control system behavior and make various security-relevant settings. To minimize the risk of a system failure or the creation of a security vulnerability, administrative rights should only be granted to employees in the basic administration. The following list may be supplemented by suggestions from the company's own administration. It contains only the most important authorization objects for each subject area.
Balance: In the settlement transactions, the user is only presented with the supporting documents for which he or she has permission. If the Profit Centre field is not filled in the journal view (Table BSEG), the general ledger view (usually Table FAGLFLEXA) is checked. To compensate, we recommend that you include the Profit Centre in the selection fields of the balancing transactions.
During go-live, the assignment of necessary authorizations is particularly time-critical. The "Shortcut for SAP systems" application provides functions for this purpose, so that the go-live does not get bogged down because of missing authorizations.
The necessary steps are described in SAP Note 330067.
If you create a user in the SU01 transaction in an SAP system, there is almost always data about that user in other systems.