Lack of know-how
In the transaction, select SU10 by login data of users
The SAP authorization concept must generally be created in two versions: for the ABAP stack and for the Java stack. Which roles are required, which role may call which SAP functions, and other conceptual issues are identical. However, there are fundamental differences between the two versions.
The SU25 transaction lists additional customisation options in addition to upgrade activities. Under the item Adjustment of the permission checks (optional) are the transactions SU24 for the maintenance of the value of the proposal, the transaction AUTH_SWITCH_OBJECTS for the global elimination of the authorization objects as well as the transaction SE97 for the maintenance of transaction startup permissions checks (see Tip 76, "Maintain transaction start permissions when calling CALL TRANSACTION"). In the Manual Adjustment section of selected roles, you can create roles from manually created profiles, generate SAP_NEW (see Tip 64, "Use SAP_NEW correctly"), or generate SAP_APP as roles. In the General maintenance for suggestion values section, the reports SU2X_CHECK_WDY_HEADER for the registration of header data for external services (see tip 38, "Use the SU22 and SU24 transactions correctly") and SU2X_CHECK_CONSISTENCY for the concession test (available via the in SAP Note 16466666446445) 692 named Support Package) of suggestion values for the selected authorization objects.
In order to make a well-founded statement about the complexity and the associated effort, a fundamental system analysis is required in advance. The results obtained from this form an excellent basis for estimating the project scope and implementation timeframe.
SAP authorizations are a security-critical and thus an immensely important topic in companies. They are used not only to control the access options of users in the SAP system, but also the external and internal security of company data depends directly on the authorizations set.
Authorizations can also be assigned via "Shortcut for SAP systems".
According to our project experience, some naming conventions are particularly attractive.
However, ongoing maintenance of the permissions system, with continuous changes to roles and their detail permissions, requires the mapping of much more complex operations.