Immediate authorization check - SU53
Advantages of authorization tools
A troublesome scenario you're probably familiar with: You will soon be going live with a new business process and must now derive your roles in 97 accounting circles. Here eCATT can make your life easier. It's time again: If you don't have anyone in your department who likes to press the Copy button for several hours in the PFCG transaction, replace the Derive shortcut, and then customise the Organisation Levels (Origen) in the new roles on the Permissions tab (repeatedly connected to memory), the job will hang on you. Because there is hardly anything more boring, at the latest after one hour the first errors creep in. Whenever you have to roll out new roles, for example for your new premium business, to all your divisions, plants, etc. , the creation of the derived roles is tedious - because SAP does not offer smart mass maintenance.
You will find all the user favourites of a system in the SMEN_BUFFC table; additionally there is the table SMEN_BUFFI, in which the links from the favourite lists are stored. You can simply export this table to Microsoft Excel and then evaluate it. At this point, however, we would like to point out that you may not evaluate the favourites without prior consultation with the users, because the stored favourites are user-related and therefore personal data. The SMEN_BUFFC table contains various fields that determine the structure of the placed favourites. For example, you can create folders in your favourites to sort them. This folder structure can also be found in the SMEN_BUFFC table. However, the entries themselves that you will find in the REPORT field are important for the re-creation of a permission concept. The REPORTTYPE field tells you whether the entry in question is, for example, a transaction or a Web-Dynpro application. In the TEXT field, if required, you will find the description of the favourite entry. In addition, you should also pay attention to the TARGET_SYS field, since favourites can also be entered for other systems, in this case an RFC target system is entered under TARGET_SYS.
RSRFCCHK
Historically grown authorization structures can be found especially in system landscapes that have been in operation for a long time. Instead of small, modular, job-specific roles, existing roles are continually expanded and assigned to different employees in different departments. While this leads to less administrative work in the short term, it causes the complexity of the role to increase massively over time. As a result, the efficiency of authorization development is increasingly lost.
In principle, a technical 4-eyes principle must be implemented within the complete development or customizing and transport process. Without additional tools, this can only be achieved in the SAP standard by assigning appropriate authorizations within the transport landscape. Depending on the strategies used, only certain transport steps within the development system should be assigned to users. When using the SAP Solution Manager ("ChaRM") for transport control, for example, only the authorizations for releasing transport tasks should normally be assigned here. The complete processing of a transport in the development system consists of four steps: Creating and releasing a transport request (the actual transport container), creating and releasing a transport task (the authorization for individual users to attach objects to the respective transport request).
However, if your Identity Management system is currently not available or the approval path is interrupted, you can still assign urgently needed authorizations with "Shortcut for SAP systems".
On the other hand one can call the system trace over the transaction ST01.
For details on the relevant support packages, please refer to SAP Notes 1921820 and 1841643.