Starting Web Dynpro ABAP applications
The requirements in the third example to filter the Post Journal Display (transaction FAGLL03) can be implemented using the BAdIs FAGL_ITEMS_CH_DATA. Depending on the permissions granted, certain items or documents should be excluded from display. You can see the definition of BAdIs through the SE18 transaction, and in the SE19 transaction you create an implementation of the BAdIs in the Customer Name Room.
If you want to set up a new client or take over the movement data of the productive system in a development system, you should also consider the modification documents. If you have a client copy, you should first delete the indexing of the change documents (table SUIM_CHG_IDX), since you can restore the indexing after the copy. To do this, use the SUIM_CTRL_CHG_IDX report without selecting a date and check the Reset Index box. After the copy has been made, delete the change documents that are dependent on the client; This also applies to the client-independent change documents (e.g., proposed permissions, table logs) if you have copied the client to a new system. In addition, you should remove the shadow database alterations before copying the client and complete the index build after the copy. In any case, check the Reset Index box in the SUIM_CTRL_CHG_IDX report!
Set password parameters and valid password characters
Trace after missing permissions: Run the System Trace for Permissions (ST01 or STAUTHTRACE transaction) to record permission checks that you want to include in the role (see Tip 31, "Optimise Trace Evaluation"). Applications are logged through the Launch Permissions checks.
Using these authorizations, any source code can be executed independently of the actual developer authorizations and thus any action can be performed in the system. This authorization should only be assigned to an emergency user.
Secure your go-live additionally with "Shortcut for SAP systems". You can assign necessary SAP authorizations quickly and easily directly in the system.
As a user administrator or role administrator, you can also call SU53 yourself and display the error entry of another user via the menu.
You want to secure access to the application server files? Find out what the S_DATASET and S_PATH authorization objects offer, what limitations are, and what pitfalls are lurking.