Maintain derived roles
In the SU10 transaction, click the Permissions Data button in the User Selection pane. At this point there is a jump to the report RSUSR002. In the selection screen of the report that appears, you can select the multiple selection to the User field by clicking the arrow button and insert the users from your selection by pressing the button (upload from clipboard).
Since developer authorizations correspond to full authorization, they should only be assigned restrictively. This applies above all to the authorization for "debugging with replace" (see "Law-critical authorizations"). The risk of incorrectly assigned developer authorizations has also increased due to the elimination of additional protection via developer and object keys in S/4 HANA systems (see, among other things, SAP Note 2309060). Developer authorizations for original SAP objects should therefore only be granted here upon request in order to avoid unauthorized modifications. If developer keys are still relevant in the existing SAP release, the existing developer keys in table DEVACCESS should first be checked and compared with the users intended for development.
Map roles through organisational management
The setting of the modification flag used to determine the proposed values to be matched is imprecise. Learn about a new process that uses timestamps. Upgrade rework for suggestion values and roles must be performed not only upon release change, but also after inserting plug-ins, support packages, enhancement packages, or other software components, such as partner solutions. These rework can be complex if the underlying selection of proposed values cannot be restricted. Therefore, a new procedure has been introduced in the transaction SU25, which restricts the proposed values to be compared using a time stamp.
In SAP systems, authorization structures grow over the years. If, for example, there is a restructuring in the company or there are new organizations, there is a risk that the authorization concept no longer fits or is implemented correctly.
For the assignment of existing roles, regular authorization workflows require a certain minimum of turnaround time, and not every approver is available at every go-live. With "Shortcut for SAP systems" you have options to assign urgently needed authorizations anyway and to additionally secure your go-live.
For example, during the tests to be performed, both the development system and the quality assurance system will experience permission errors.
To do this, go back to the RSUSR008_009_NEW entry screen and select the critical permissions option in the variant name pane.