User Information System SUIM
Our services in the area of SAP authorizations
For the application identifier (defined in the TBE11 table), see the TPCPROGS table. The organisational unit is evaluated in the context of the application label. In general, this is the accounting area.
The security of an SAP system is not only dependent on securing the production system. The development systems should also be considered, since here it is possible to influence the productive system via changes to be transported in the development environment and in customizing or via inadequately configured interfaces. Depending on the conceptual granularity of responsibilities in the development and customizing environment, more detailed authorization checks may need to be performed.
User administration (transaction SU01)
Partners delivering their developments also maintain the proposed values for their applications in the transaction SU22. If customers are developing systems that supply other system landscapes than your system landscape and require different SU24 suggestion values per system, the proposed values in transaction SU22 will be maintained. The profile generator uses only the values of the transaction SU24 in your customer environment as a data base. To maintain the suggestion values, you can use both the System Trace data for permissions from the ST01 or STAUTHTRACE transaction and the data from the permission trace in the SU24 transaction (see Tip 39, "Maintain suggestion values using trace evaluations").
In the IT sector, we have to face new challenges every day. New technologies require us to act accordingly in order to always keep the current system landscape up to date, to strengthen our position on the market and, of course, to gain a technological edge over other competitors. This is also reflected in the corresponding SAP system landscape. Read in the two-part blog series why an authorization concept should be considered as early as possible in a project phase - especially when converting to SAP S/4HANA.
During go-live, the assignment of necessary authorizations is particularly time-critical. The "Shortcut for SAP systems" application provides functions for this purpose, so that the go-live does not get bogged down because of missing authorizations.
The role descriptions and the report help to work in a DSGVO-compliant manner.
Here you also decide whether and how the tables can possibly be maintained in the productive system.