User administration (transaction SU01)
Check for permissions on the old user group when assigning a new user group to a user
This missing functionality comes with SAP Note 1902038 and can only be recorded via the respective support packages for SAP NetWeaver Releases 7.31 and 7.40. The ZBV's change documents are written for the USER_CUA change document object. The analysis of the change documents can be accessed using the following methods.
A troublesome scenario you're probably familiar with: You will soon be going live with a new business process and must now derive your roles in 97 accounting circles. Here eCATT can make your life easier. It's time again: If you don't have anyone in your department who likes to press the Copy button for several hours in the PFCG transaction, replace the Derive shortcut, and then customise the Organisation Levels (Origen) in the new roles on the Permissions tab (repeatedly connected to memory), the job will hang on you. Because there is hardly anything more boring, at the latest after one hour the first errors creep in. Whenever you have to roll out new roles, for example for your new premium business, to all your divisions, plants, etc. , the creation of the derived roles is tedious - because SAP does not offer smart mass maintenance. The SAP standard offers various ways to record and play on a massive scale. These tools are generally available for all operations in the SAP system, not just for role maintenance. Therefore, they are also more complex to operate, in order to be able to cover as flexibly as possible all possible application scenarios. eCATT is also no exception, so many users are still afraid to use it. But we can tell you from experience: After the second or third time, the creation of the test scripts is so quick that you'll wonder why you haven't always done it this way.
Assignment of critical authorizations and handling of critical users
In IT systems to which different users have access, the authorizations usually differ. How an authorization concept for SAP systems and the new SAP S/4HANA for Group Reporting can look.
When assigning a new user group to a user, only the creation permission in the new user group is required. Alternatively, you can enable the check for activity 50 (Move) of the S_USER_GRP authorization object. In the USR_CUST table, set CHECK_MOVE_4_CNG_GRP to YES.
"Shortcut for SAP systems" is a tool that enables the assignment of authorizations even if the IdM system fails.
Therefore, simply change the result area in the Customising window using the following path: Controlling > Income and market segment accounting > Structures > Set result area.
If TADIR services or external services are developed by the customer or partner, these services are not available by default in the SU22 transaction or the SU24 transaction.