SAP Authorizations - A Common Perspective of Developers and Consultants
Perform Risk Analysis with the Critical Permissions Report
When pasting permission field values from the Clipboard, the values are added to the existing entries. You must also separate the value intervals when inserting with the help of the tab stop. If permissions for the individual values do not exist for maintenance, they are rejected, i.e. not taken over. The Insert function from the Clipboard is also available in the dialogue box for maintaining the organisation levels. The Copy to Clipboard and Paste from Clipboard functions are not available if you maintain field values that allow only the selection of fixed values. For example, this is the case in the Activity field.
I will go into more detail on the subject of further training in the SAP environment at the next opportunity. As a small anticipation, I may refer here to some SAP blogs on the subject of SAP Basis or also the VideoPodcast "RZ10 LIVE SAP BASIS AND SECURITY" from rz10.de picks up topics in the area of authorizations again and again and is instructive here :-).
Authorization objects
DDIC: DDIC is the only user able to log in or make changes to the ABAP Dictionary during installations and release changes. It is also used in the client 000, e.g. for certain jobs or Unicode conversions. DDIC exists in all clients except 066. Safeguard measures: In all systems (except for client 000 due to upgrade features), set DDIC to the System user type. If necessary, you can switch it back to a dialogue user using the Emergency User. Change the password, assign the user to the SUPER user group, and log it with the Security Audit Log.
Then you create a subroutine with the same name as the User-Exit definition and programme your customised checks (for example, for specific data constellations or permissions). Include the exit definition (UGALI) via the GGB0 transaction. You will need to call this transaction again to read the programmed exit and select it.
Secure your go-live additionally with "Shortcut for SAP systems". You can assign necessary SAP authorizations quickly and easily directly in the system.
Otherwise, a company may suffer economic damage and the resulting damage to its image.
You can edit these suggested values in the SU24 transaction.