User Interface Client Permissions
Know why which user has which SAP authorization
By clicking on the Registration Data button, you start the RSUSR200 report and you enter the selection mask. This report allows you to select users by login data. You can also determine if a user has changed his initial password. You can select a predefined variant from the catalogue using the button (Get variant) or the key combination (ª) + (F5).
With "SIVIS as a Service" we present you the best solution for central user and authorization management in SAP. This replaces and protects you from the development end of your central user administration (SAP ZBV). SIVIS offers over 20 functions that you can flexibly combine (SaaS model), e.g. over 1,000 role templates for S/4HANA! This means that a new authorization concept can be quickly implemented! The encrypted connection to your SAP systems enables secure distribution of all changes made in the SAP standard.
Use the authorisation route to identify proposed values for customer developments
To make changes to the table logger, you must have the same permissions as the SE13 transaction to customise, so you must have the appropriate permissions for all tables to modify. The changes are always written to a transport order. The RDDPRCHK report allows you to enable table logging for multiple tables; however, it is not possible to disable logging on multiple tables. This is still only possible through the SE13 transaction.
The next step is to evaluate the usage data; here the monthly aggregates are typically sufficient. These include the user ID, function block, and number of calls. For an overview of the usage data already stored in the system, see the SWNC_COLLECTOR_GET_DIRECTORY function block (GET_DIR_FROM_CLUSTER = X input parameter). The actual downloading of the usage data is then performed using the function block SWNC_COLLECTOR_GET_AGGREGATES.
Assigning a role for a limited period of time is done in seconds with "Shortcut for SAP systems" and allows you to quickly continue your go-live.
This limitation of access programmes already represents a security gain, even if you do not want to restrict access to paths and files.
A self-service that uses the Business Application Programming Interfaces (BAPIs) can counteract this.