Integrate S_TABU_NAM into a Permission Concept
A complicated role construct
Here I had to look for a moment at which point for SAP key users and not only for the SAP Basis in the SAP system an authorization is callable and may like to take this as an opportunity to write here in the article a few basics on the "anatomy" of SAP authorizations. To access the SAP system, the first thing you need is an SAP user ID (User). The user maintenance transaction SU01 (or SU01D) can be used to assign roles (from which profiles are derived) in addition to the (initial) password and personal data.
You may have special requirements that are necessarily to be included in the naming convention, such as when you define template roles in a template project that can be customised locally. You can identify this in the naming.
Define S_RFC permissions using usage data
You will need to adapt the template to your organisation's circumstances, i.e., probably define the certificate filing depending on the naming convention for your users and adjust the certificate verification. This verification of certificates ensures that no existing certificates are added in the template and that only one certificate is entered to an e-mail address. This check is necessary because sending an encrypted e-mail is cancelled if more than one valid certificate to an e-mail address is found. You can map mass imports of the certificates via this customer-specific programme. In addition, you will also need to define a way to manage certificates in your organisation, i.e. how to transfer changes to certificates to the SAP system.
Since SAP NetWeaver 7.02, such a feature is available, which means that you can access the data from the system trace to maintain PFCG roles. In the following we show you how you can apply the permission values from the permission trace to your role. To do this, you must first record applications against their permission checks and then add them to your role menu.
"Shortcut for SAP systems" is a tool that enables the assignment of authorizations even if the IdM system fails.
In the SU53 error excerpt, the first thing that is displayed is the authorization that the user is missing.
It does not matter whether the system is accessed via the browser (Fiori Launchpad) or via local access (SAP GUI).