Check for permissions on the old user group when assigning a new user group to a user
Which authorization objects are checked (SU22)? When calling a transaction, such as the ME23N, various authorization objects are checked. You can get an overview as follows: Call transaction SU22 (SAP tables) or SU24 (customer tables), enter e.g. "ME23N" in "Transaction code" and execute the transaction. As a result you will see all authorization objects that are checked when calling transaction ME23N.
Each roll can be written to any number of transport orders. Information about existing records of the same role by other administrators does not take place.
Restrict Application Server Login
Authorizations are assigned to users in SAP systems in the form of roles. The goal is to create a system that is as secure as possible and to keep the complexity and number of roles as low as possible. This is the only way to achieve a balanced cost-benefit ratio.
Which authorization data does a role have (PFCG)? Again, start the transaction PFCG and display a role. Then branch to the tab Authorizations and click on the button with the "glasses" (bottom left): Display authorization data.
For the assignment of existing roles, regular authorization workflows require a certain minimum of turnaround time, and not every approver is available at every go-live. With "Shortcut for SAP systems" you have options to assign urgently needed authorizations anyway and to additionally secure your go-live.
For the Client and User selection criteria, you can use generic values, i.e. you can select all clients or users that meet specific naming criteria (e.g., Client 10* or User SOS_*).
SAP authorizations control the access options of users in an SAP system, for example to personal data.