In the transaction, select SU10 by login data of users
Create permissions for customising
Launch the QuickViewer for SAP Query with the SQVI transaction. Create a new query named ZMYSUIM on the entry screen. Enter a description of it and - this is the most important step - specify a table join as the data source. You can now specify your data sources on the following screen. You can select the tables in the menu via Edit > Insert Table (or by pressing the button ). In our case, this would be the AGR_ 1251 table for the Role Permissions Values and the AGR_USERS table for the user assignments in rolls. The system automatically proposes a join of the tables via shared data columns. In our example, this is the name of the role.
In general, you should note that not all relevant change documents of a system are present in the user and permission management. As a rule, authorisation administration takes place in the development system; Therefore, the relevant proof of amendment of the authorisation management is produced in the development systems. By contrast, you will find the relevant user administration change documents in the production systems; Therefore, you should note that when importing roles and profiles in the production systems, no change documents are written. Only transport logs are generated that indicate that changes have been made to the objects. For this reason, the supporting documents of the development systems' authorisation management are relevant for revision and should be secured accordingly.
Authorization objects of the PFCG role
As long as the corresponding tests in both the development and the quality system are not completed, the SAP_NEW profile will be assigned to the testers in addition to their previous roles. This ensures that the transactions can be traversed without errors of authorisation. Parallel enabled permissions (ST01 or STAUTHTRACE transactions) can be used to identify the required permissions and assign them to the user through the appropriate roles.
The programmer of a functionality determines where, how or whether authorizations should be checked at all. In the program, the appropriate syntax is used to determine whether the user has sufficient authorization for a particular activity by comparing the field values specified in the program for the authorization object with the values contained in the authorizations of the user master record.
"Shortcut for SAP systems" is a tool that enables the assignment of authorizations even if the IdM system fails.
So far, changes in the SE97 transaction have been overwritten by inserting support packages or upgrades.
To do this, go to the Permissions tab and select the Change Permissions Data button.