Restrict Application Server Login
Unclear responsibilities, especially between business and IT
A note on the underlying USKRIA table: This table is independent of the client. For this reason, you cannot maintain this table in systems that are locked against cross-client customising. In this case, you should create a transport order in the development system and transport the table to the production system.
Transaction SU53 can be used to immediately display the missing authorizations for a single SAP user. This is advantageous when individual background processing or activities are not executed correctly and the cause is suspected to be missing authorizations. In this way, the cause of the error can be narrowed down more quickly.
Debug ABAP programs with Replace
Every large company has to face and implement the growing legal requirements. If the use of an authorization concept is to be fully successful on this scale, the use of an authorization tool is unavoidable. For medium-sized companies, the use of an authorization tool is usually also worthwhile. However, decisions should be made on a case-by-case basis.
With the Enhancement Package (EHP) 3 to SAP ERP 6.0, SAP has provided an extension of the eligibility tests in the FIN_GL_CI_1 Business Function, which allows the eligibility objects for profit centres to be tested in FI. You must first enable the FIN_GL_CI_1 Business Function in the Switch Framework (transaction SFW5). After that, you can activate the new functionality in Customising via this path: Finance (new) > Basic Financial Settings (new) > Permissions > Enable Profit Centre Permissions Check.
With "Shortcut for SAP systems" you can automate the assignment of roles after a go-live.
If so, you should take precautions and restrict access to sensitive data.
You can also determine if a user has changed his initial password.