Which challenges cannot be solved with authorization tools alone?
Advantages of authorization concepts
In addition to existing authorization objects, you can also create your own authorization objects and select existing authorization fields such as Activity (ACTVT). To the individual fields then, as with ACTVT, the permissible options which are deposited at the field can be specified. Thus, for an own authorization object with the authorization field ACTVT, the activity 01 Add or Replace, 02 Change and 03 Display can be selected and would then be available as a selection in the authorization field in the role maintenance.
CREATE_EMAIL_CONTENT: The example implementation of this method generates the e-mail content. The user ID, the relevant system and the initial password are listed for each user. When the method is called in the Central User Management (ZBV), all initial passwords associated with the system in which the password was reset are listed. You should adapt the content of the e-mail to your requirements.
Temporarily disable Central User Management
If the changes to your SU24 data have not been detected with step 2a, or if you have imported transports from other system landscapes into your system, you have the option to reset the timestamp tables and start again. To do this, run the SU24_AUTO_REPAIR report in a system that is still at the state of the legacy release so that the modification flag is set correctly (see tip 38, "Use the SU22 and SU24 transactions correctly"). Subsequently, you create a transport and transport your SU24 data to the system, which is at the state of the new release. Now delete your timestamp tables. You can use the report SU25_INITIALIZE_TSTMP. Starting with SAP NetWeaver 7.31, you have the choice to set the reference time stamp from the SU22 data or delete the contents of the time stamp tables. You can then run Step 2a again.
GET_EMAIL_ADDRESS: The example implementation of this method reads the e-mail address from the system's user master record. Adjust the method if you want to read the email address from another source.
The possibility of assigning authorizations during the go-live can be additionally secured by using "Shortcut for SAP systems".
For collective unlocking, you only want to select users with an administrator lock.
The CALL TRANSACTION ABAP command does not cause a transaction startup permission check.