Basic administration
Use SAP_NEW correctly
Make sure that reference users are assigned minimal permissions to avoid overreaching dialogue user permissions. There should be no reference users with permissions that are similar to the SAP_ALL profile.
If you do not see the Expert Mode button for step 2 in the SU25 transaction, check whether you can call the expert mode from the SU24 transaction by clicking the Sample Value Match button. In this view, it is possible to select the proposed values to be matched by specific selections, so that not all proposed values are used for matching. In the first selection, you can choose the data to take. You can select here whether only SAP standard applications or customer or partner applications should be considered. You can still limit the selection by type of application, package, or component shortcut in the Other Constraints pane. In the Application Search pane, you can also limit the SU22 data to an upload file, transport jobs, or role menus.
Even if key users (department users/application support) do not have to develop their own authorization objects and cooperation with SAP Basis is always advantageous, there are often technical questions such as "Which users have authorization to evaluate a specific cost center or internal order?
Single role - Created using the role administration tool, it enables the automatic generation of an authorization profile. The role contains the authorization data and the logon menu of the users.
You can use the function block level permission check by setting the FUNC value in the RFC_TYPE field in the S_RFC authorization object. If you still want to allow function groups, specify the value FUGR here. Depending on the RFC_TYPE field, type the name of the function block or group in the RFC_NAME field (name of the RFC object to be protected). This extension of the test is provided by the correction in SAP Note 931251.
"Shortcut for SAP systems" is a tool that enables the assignment of authorizations even if the IdM system fails.
These eligibility tests are also a novelty, which is supplemented by SAP Note 513694.
Again the object CP is not known.