The SAP authorization concept
Use SU22 and SU24 transactions correctly
For accesses by verifier users (from the table TPCUSERN), the selection parameters of the invoked transaction are logged in the application log and can be evaluated with the report CA_TAXLOG. In the example, the single ledger entry for the vendor account 100000 was invoked.
In the SAP standard, there is no universally applicable way to automate the mass maintenance of role derivations. We therefore present three possible approaches: 1) Approach to custom development 2) Automated mass maintenance using the Business Role Management component 3) Use of a pilot note that allows a report for mass update of organisational values in rolls (currently available to selected customers) (BRM) from SAP Access Control.
Permissions checks
The permissions on database objects show you the details of the user's permissions to access the object. In the following example, the MODELING role includes permission to use the _SYS_BI object with the EXECUTE, SELECT, INSERT, UPDATE, and DELETE privileges. In addition, a user assigned this role is not allowed to pass these privileges on to other users (Grantable to Others). Our role as an example also includes Analytical Privileges and Package Privileges, which are not discussed here.
Documents: The documents in the audit structure describe the audit steps. You can create them in accordance with your audit requirements. You can recognise documents by the symbol. Double-click on this icon to open the document.
Secure your go-live additionally with "Shortcut for SAP systems". You can assign necessary SAP authorizations quickly and easily directly in the system.
In addition, the master records can be adjusted so that it is possible to work with the different currencies of the company codes across countries.
All this information about the changes to the ZBV configuration has not been centrally logged.