Add External Services from SAP CRM to the User Menu
Audit Information System Cockpit
No more users can be created, maintained or deleted without the assignment of a valid user group. If a user group is not assigned when a user is created, the user is automatically assigned the default user group. Before you set the USER_GRP_REQUIRED switch, a user group must have been assigned to each existing user and the administrators must have the permissions for the default user group. When creating a new user, the default user group will be used as pre-occupancy; this user group can be overridden by setting another user group in the S_USER_GRP_DEFAULT user parameter for each user administrator. The customising switch requires a valid user group, because it is used as the default user group. If a valid user group has not been entered in the customising switch, the user group is nevertheless a mandatory field. This will lead to errors in automated user creation.
The case that the user buffer is not up to date is very rare. The auth/new_buffering profile parameter sets the value 4 to immediately update the permissions, i.e. changes to the user root or roles or profiles, and write them to the USRBF2 database table without requiring a new login. This value is set by default. The fact that the buffer is not up-to-date is recognised by the fact that existing permissions that are not in the buffer are marked in the transaction SU56 with the note "In the root data but not in the user buffer".
SAP S/4HANA® Launch Pack for Authorizations
This role is now available for you to assign to users. As a design-time object, you can transport this role via the HANA-owned Transport Service (HALM) or via the SAP Solution Manager with the CTS+ extension. After transport to the target system, this role is activated as a runtime object. You can assign HANA roles via both SAP HANA Studio and SAP Identity Management.
The authorization objects are attached by analogy to the forecast and item-based reports. The authorization objects of the item-based reports are checked in addition to the authorization objects for the information system when the report is selected. There is a trick in maintaining the CO-PA-specific authorization objects, because a once selected result area is set for the entire session of your login. This is of course hindering the maintenance of authorization objects for different result areas. Therefore, simply change the result area in the Customising window using the following path: Controlling > Income and market segment accounting > Structures > Set result area.
"Shortcut for SAP systems" is a tool that enables the assignment of authorizations even if the IdM system fails.
Below we describe how you can use the statistical usage data from the Workload Monitor for the SAP role definition.
You can also find some useful tips from practice on the subject of SAP authorizations on the page www.sap-corner.de.
To disable the ZBV completely, use the RSDELCUA report or the Delete button in the transaction SCUA.