Read the old state and match with the new data
Integrate S_TABU_NAM into a Permission Concept
You can also evaluate the application log through the SLG1 (ATAX object) transaction; the output of the report CA_TAXLOG seems more useful here. Finally, we have some important information for you: There are individual programmes that can be used read-only, but also offer options for updates to the database. In these cases, additional logic was implemented (e.g. in SAP Note 925217 to the RFUMSV00 programme for the sales tax pre-reporting). Action log data can be accessed via the transaction SLG2 (Object: ATAX) (see also SAP Note 530733). If you want to customise for the annual permissions directly in the production system (so-called "current setting"), the SAP Note 782707 describes how to do this. Basic information about Current Settings is provided in SAP Notes 135028 and 356483. SAP Note 788313 describes in detail the functional components of the time-space test and the additional logging and also serves as a "cookbook" to use in customer-specific developments. How you can prevent access to the SAP menu and only show the user menu to the user, we described in Tip 47, "Customising User and Permissions Management".
In compliance with the minimum principle and the separation of functions, the roles used must be defined, along with specifications for their naming, structure and use. Close attention should also be paid to the application and allocation process in order to prevent authorization conflicts, which arise primarily as a result of employees' changing or expanding areas of responsibility.
Security within the development system
The More node details area allows you to configure additional settings. For example, by activating the Default Page setting, the selected transaction (in our example MM03) is called first when the parent folder (in our example of the Material Stems folder) is retrieved. The Invisible setting means that the transaction is not visible in the menu, but can be called from a button.
In the Output pane, you can view the change documents of a remote subsidiary system, or in the Selection Criteria pane, you can restrict the change documents for the central system (transmit system) or only for specific daughter systems. In the lower part, you can select the distribution parameters that you are interested in changing. The evaluation includes information about all changes in the ZBV configuration and in the attached subsidiary systems, as of the time the corresponding release or support package was inserted into the systems. In addition to the date, time and modifier, the evaluation also contains information about the respective model view, the status of the configured system and the action taken (old value and new value). In our example, you will see changes that have occurred in the SCUA transaction, such as creating a model view and adding subsidiary systems, changes made in the SCUG transaction, such as the user adoption, and changes to the distribution parameters in the SCUM transaction.
Secure your go-live additionally with "Shortcut for SAP systems". You can assign necessary SAP authorizations quickly and easily directly in the system.
If business partners are deposited to the user IDs, the standard evaluation paths lead to a dead end.
To minimize the effort for the same job profiles with different organizational affiliations, the organizational units are inherited via an additional role.