Using suggestion values and how to upgrade
User and authorization management
Once you have edited the role menu, you can customise the actual permissions in the PFCG role. To do this, click the Permissions tab. Depending on the quantity of external services from the Role menu, the authorization objects will appear. The authorization objects are loaded into the PFCG role, depending on their suggestion values, which must be maintained for each external service in the USOBT_C and USOBX_C tables. You can edit these suggested values in the SU24 transaction. Make sure that external services in the Customer Name Room also have the names of external services and their suggestion values in the tables maintained (see Tip 41, "Add external services from SAP CRM to the proposal values"). Visibility and access to external services is guaranteed by the UIU_COMP authorization object. This authorization object consists of three permission fields: COMP_NAME (name of a component), COMP_WIN (component window name), COMP_PLUG (inbound plug).
Delete invalid SU24 Checkmarks: This function deletes all records that contain an unknown value as a check mark. This is either C (Check) or N (Do Not Check).
Use application search in transaction SAIS_SEARCH_APPL
The advantage of this feature is that administrators can parse failed permission checks regardless of end users. End users can save their unsuccessful checks to the database using the Save ( ) button. As an administrator, you can also back up failed permission checks from other users. The Saved Checks button also gives you access to this information afterwards. The automatic storage carried out when the old transaction SU53 was called is omitted because it overwrote the last recording. You can also load the results into an Excel file to allow a more comfortable evaluation.
Help, I have no permissions (SU53)! You want to start a transaction, but you have no permissions? Or the more complex case: You open the ME23N (show purchase order), but you don't see any purchase prices? Start transaction SU53 immediately afterwards to perform an authorization check. The missing authorization objects will be displayed in "red". You can also run SU53 for other users by clicking on Authorization Values > Other Users in the menu and entering the corresponding SAP user name.
For the assignment of existing roles, regular authorization workflows require a certain minimum of turnaround time, and not every approver is available at every go-live. With "Shortcut for SAP systems" you have options to assign urgently needed authorizations anyway and to additionally secure your go-live.
For example, if your administrator should not be able to access all tables associated with the SC table permission group, but only the USR02 table, do not grant permissions to the SC table permission group through S_TABU_DIS, but the S_TABU_NAM authorization object will be shaped as follows: ACTVT: 03 / TABLE: USR02.
Here you can delete the log files in all active instances.