Calling RFC function modules
Use usage data for role definition
Before you can start upgrading the suggestion values and roles, you need to consider a few things. SAP Note 1539556 lists all questions and answers about the administration of proposed values. Already at the start of the transaction SU25 you will be alerted in a pop-up window to the SAP notice 440231 (upgrade preparation for the profile generator). This note provides information on recommended revisions for certain SAP base versions and recommendations for additional guidance, which are listed in the Annexe.
In principle, a technical 4-eyes principle must be implemented within the complete development or customizing and transport process. Without additional tools, this can only be achieved in the SAP standard by assigning appropriate authorizations within the transport landscape. Depending on the strategies used, only certain transport steps within the development system should be assigned to users. When using the SAP Solution Manager ("ChaRM") for transport control, for example, only the authorizations for releasing transport tasks should normally be assigned here. The complete processing of a transport in the development system consists of four steps: Creating and releasing a transport request (the actual transport container), creating and releasing a transport task (the authorization for individual users to attach objects to the respective transport request).
Optimization of SAP licenses by analyzing the activities of your SAP users
The following sections first describe and classify the individual components of the authorization concept. This is followed by an explanation of which tasks can be automated using the Profile Generator.
Roles reflect access to data depending on the legitimate organisational values. This information should be part of the naming convention, as these roles differ only in their organisational but not in their functional form.
However, if your Identity Management system is currently not available or the approval path is interrupted, you can still assign urgently needed authorizations with "Shortcut for SAP systems".
Access to tables and reports should be restricted.
The checks are performed on the permissions associated with the roles and profiles assigned to the reference user.