Maintain generated profile names in complex system landscapes
Get an overview of the organisations and their dependencies maintained in the system
As part of the use of a HANA database, you should protect both the execution of HANA database functions as well as the reading or altering access to the data stored in the database by appropriate permission techniques. Essential to the permission technique are database objects such as tables and views - which allow access to the stored data - as well as executable procedures and users. The specific HANA-specific permissions assigned to a user are referred to as privileges in the HANA context.
Trace after missing permissions: Run the System Trace for Permissions (ST01 or STAUTHTRACE transaction) to record permission checks that you want to include in the role (see Tip 31, "Optimise Trace Evaluation"). Applications are logged through the Launch Permissions checks.
Authorizations in SAP BW, HANA and BW/4HANA
If you have defined the roles to the extent that the essential processes are depicted, then you will technically check which organisational features they contain (organisational levels, but also cost centres, organisational units, etc.). You then compare the technical result with the result from the consideration of the structure organisation and the business role description. A likely result is that you do not have to use all technical organisational features for differentiation. A possible result is that you want to add fields such as the cost centre to the organisation level.
In a local table, find an entry for the user ID that you are creating in the SU01 transaction. For example, such a local table might be an Active Directory replication or a mini personnel master set, or you may have another data source that you replicate to your SAP system. Then, fill in the fields of transaction SU01 with the data from the local table.
If you get into the situation that authorizations are required that were not considered in the role concept, "Shortcut for SAP systems" allows you to assign the complete authorization for the respective authorization object.
What rules should you follow? Introductory projects usually produce a large number of customised programmes without being subjected to a permission check when they are executed.
Secure management of this access is essential for every company.