Correct settings of the essential parameters
Transports
Insert SAP Note 1171185 into your ZBV system. With this notice, the report RSUSR_SYSINFO_LICENSE is delivered, which retrieves and displays the user types from the systems connected to the ZBV. In addition, however, SAP Note 1307693, which contains new functionalities of licence measurement, must be installed on the subsidiary systems connected to the ZBV. In addition, you may need to extend the permissions of the users in the RFC connections to the ZBV's subsidiary systems by the permissions to the S_RFC object with the SUNI and SLIM_REMOTE_USERTYPES function groups. If the SAPHinkling 1307693 is not installed on a subsidiary system, or the RFC user's permissions have not been adjusted accordingly, the RSUSR_SYSINFO_LICENSE report in the application log (transaction SLG1) will issue a warning.
If you manage your SAP system landscape via the Central User Administration (ZBV), you must insert SAP Note 1663177 into both the ZBV system and all attached subsidiary systems. In this case, also note that the default user group will be assigned in the daughter systems if no user group has been distributed during the user's installation from the ZBV. In addition, you will receive an error message in the SCUL transaction stating that a user group must be assigned to the user (via the ZBV headquarters). This behaviour is independent of the settings of the distribution parameters for the user group in the SCUM transaction. If you have set the distribution parameters for the user group to Global or Redistribution, the appropriate subsidiary system will reject the changes made to users that do not have a user group in the Central System, and you will receive an error message in the SCUL transaction.
Handle the default users and their initial passwords
With Managed Services, you receive professional management and improvement of your SAP authorizations. In doing so, we analyze your existing workflows and processes and work out optimization potentials. The implementation of the potentials takes place within a few months. As a basis for central and efficient administration, we implement an underlying tool, working continuously and directly with your SAP key users.
Single sign-on (SSO): This solution is useful if you have not yet used SSO for your SAPS systems or if not all SAP systems are integrated into the SSO solution. In such cases, you must implement the Web application in a system that supports SSO logins, such as Central User Management (ZBV), SAP Identity Management (ID Management), or Active Directory (AD).
Secure your go-live additionally with "Shortcut for SAP systems". You can assign necessary SAP authorizations quickly and easily directly in the system.
For a user to have all the necessary permissions, you now assign the basic role with the permissions to the generic operating links and the actual role that describes the user's desktop.
You can also find some useful tips from practice on the subject of SAP authorizations on the page www.sap-corner.de.
However, these evaluation methods ignore the object CP (central person), which represents the business partner in SAP CRM.