Lack of know-how
User administration (transaction SU01)
The panel menus also simplify the maintenance of permissions to the audit structures. You can select the audit structures or area menus you use in role editing and import them into the roles as menus. If you want to set up a constraint on AIS users to specific audit structures or protect individual audits from access, you can use the S_SAIS authorization object. This object controls access to the audit structures or the audit numbers of individual audits.
There is a special feature for roles if the corresponding SAP system is based on S/4HANA. While under SAP ERP only roles with authorizations for the GUI system were relevant, corresponding business roles are required for the applications under FIORI. In addition to the roles in which authorization objects and authorization values are entered, so-called business roles are also required.
Implementing Permissions Concept Requirements
Now check the SY-SUBRC system variable. If the value is 0, the Permissions Check succeeded. If the value is 4, the test did not pass. At a value of 8, there is an inconsistency in the definition of the authorization object and the verification in the code - this should not happen! If the value is 12, the permission is not part of your permission buffer.
Add missing modification flags in SU24 data: This function complements the modification flag for entries that have changed since the last execution of step 2a in the transaction SU25, i.e., where there is a difference to the SAP data from the transaction SU22. The flag is thus set retrospectively, so that no customer data is accidentally overwritten with step 2a due to missing modification flags.
However, if your Identity Management system is currently not available or the approval path is interrupted, you can still assign urgently needed authorizations with "Shortcut for SAP systems".
Although it is possible to send an encrypted e-mail with a fake sender address, in this case the initial passwords in the system would not work.
Critical permissions are permissions that allow you to view or modify security-related configurations in the SAP system, or perform activities that are critical from a legal or business perspective.