Emergency user concept
Set password parameters and valid password characters
If you set the profile parameter dynamically, no users are logged out of the application server. You can prepare maintenance work in good time. The value 2 in the profile parameter does not prevent the login with the emergency user SAP*, if this is not set as user master record and the profile parameter login/no_automatic_user_sapstar is set to 0. You can also change the value of the parameter again at the operating system level. For details on the SAP user, see Tip 91, "Handling the default users and their initial passwords".
In both cases the transaction S_BCE_68001410 is started. Here you can search for an authorization object by authorization object, authorization object text, object class and other options.
There may be other objects associated with the site that you can also assign a PFCG role to. As in our organisation chart, you can assign three different PFCG rolls to the user. You can assign the PFCG roles to either the organisational unit, the post or the post. In this hierarchy, you assign the user as the person of the post. The user is assigned to the person as an attribute and therefore not visible in the organisational model. An HR structure could be mapped via this hierarchy. Since the PFCG roles are not directly assigned to the user but to the objects in the Organisation Management and the user is assigned to the PFCG roles only because of his association with these objects, we speak of an indirect assignment.
If you do not have authorization e.g. for a transaction and you get a message that you are missing authorization, you can use transaction SU53 to analyze the missing authorization. This transaction shows the last failed authorization check, including the authorization objects and authorization fields.
If you get into the situation that authorizations are required that were not considered in the role concept, "Shortcut for SAP systems" allows you to assign the complete authorization for the respective authorization object.
Among other things, it must be ensured that the production system is protected against any kind of changes and therefore no direct development is possible.
To develop without modification, SAP offers user-exits or business add-ins (BAdIs) for such cases.