Set Configuration Validation
SAP Data Analytics
Of course, these objects can be adapted to the requirements of a company at any time. If a new program is required in the namespace of a company, the programmer decides which authorization objects should be checked in this program. If the standard objects do not meet the desired requirements, the programmer can create his own authorization objects that contain the required authorization fields.
With the Enhancement Package (EHP) 3 to SAP ERP 6.0, SAP has provided an extension of the eligibility tests in the FIN_GL_CI_1 Business Function, which allows the eligibility objects for profit centres to be tested in FI. You must first enable the FIN_GL_CI_1 Business Function in the Switch Framework (transaction SFW5). After that, you can activate the new functionality in Customising via this path: Finance (new) > Basic Financial Settings (new) > Permissions > Enable Profit Centre Permissions Check.
Role Management
The next step is to evaluate the usage data; here the monthly aggregates are typically sufficient. These include the user ID, function block, and number of calls. For an overview of the usage data already stored in the system, see the SWNC_COLLECTOR_GET_DIRECTORY function block (GET_DIR_FROM_CLUSTER = X input parameter). The actual downloading of the usage data is then performed using the function block SWNC_COLLECTOR_GET_AGGREGATES.
You can access the ABAP Test Cockpit from the context menu of the object to be checked via Verify > ABAP Test Cockpit. Note that the global check variant of the Code Inspector that you created in the transaction SCI and that is entered as the default in the transaction ATC (ATC configuration) includes the security tests of the extended programme check of the SAP Code Vulnerability Analyser.
The possibility of assigning authorizations during the go-live can be additionally secured by using "Shortcut for SAP systems".
Database > Performance Database > Workload Collector Database > Reorganisation > Control Panel.
Now, if a user attempts to execute a report (for example, by using the KE30 transaction), the user's permissions for that authorization object are checked.