Make mass changes in the table log
Get an overview of the organisations and their dependencies maintained in the system
If you have created your own applications, we recommend that you always implement your own permission check and do not just rely on application startup permissions such as S_TCODE, S_START, S_SERVICE, and S_RFC. If you want to add your own checks to standard applications, you must first find the appropriate place to implement the check. To develop without modification, SAP offers user-exits or business add-ins (BAdIs) for such cases. Some SAP applications also have their own frameworks in place that allow customisation-free implementation of their own permission checks, such as the Access Control Engine (ACE) in SAP CRM.
When were which changes made to a role (PFCG)? In the PFCG, click on Utilities > View Changes in the menu at the top to view the change documents. You will see a detailed list of which user made which change to which object and when.
What are SAP authorizations?
It is important that after the AUTHORITY-CHECK OBJECT command is called, the return code in SY-SUBRC is checked. This must be set to 0; only then a jump is allowed.
With regard to the SAP authorization system, roles and the associated authorization objects, fields and values represent the foundation. Therefore, these check criteria are in the special focus of the authorization analysis of security-relevant characteristics of each authorization administrator. The report RSUSRAUTH is used to display role or authorization data in the respective client. The report analyzes all role data that are anchored in the table AGR_1251. This allows you to quickly find and clean up incorrect and security-critical authorizations not only by selecting the maintenance status of the authorizations, but above all by storing certain authorization objects and controlling them. This ad hoc analysis thus offers you a time-saving method of checking many roles at once according to your own critical characteristics. You can then make full use of this program by importing SAP Note 2069683.
During go-live, the assignment of necessary authorizations is particularly time-critical. The "Shortcut for SAP systems" application provides functions for this purpose, so that the go-live does not get bogged down because of missing authorizations.
Then create a variant.
Delete invalid SU24 Checkmarks: This function deletes all records that contain an unknown value as a check mark.