Maintain proposed values using trace evaluations
System Security
Locking and validity of the user account is done through the user administrator and is also valid for other authentication procedures. This means that a login via SSO is not possible for an invalid user or a user with administrator lock. We therefore always recommend that you prevent access to the system by setting the validity of users. Setting validity on assigned roles also prevents the user from performing actions in the system, but does not generally prevent them from logging in.
However, you can also use the proof of use in the authorization object maintenance to search for specific implementation sites. To do this, open the authorization object in the SU21 transaction. Open the proof of use via the button and a pop-up window appears for querying usage modes (for example, using the affected authorization object in programmes or classes). After making your selection in the Usage Proof, all of the affected implementations will be tabulated. Double-click to access the relevant code locations.
Audit Information System Cockpit
In the SU10 transaction, click the Permissions Data button in the User Selection pane. At this point there is a jump to the report RSUSR002. In the selection screen of the report that appears, you can select the multiple selection to the User field by clicking the arrow button and insert the users from your selection by pressing the button (upload from clipboard).
Single Role: Enables the automatic generation of an authorization profile. The role contains the authorization data and the logon menu for the user.
Assigning a role for a limited period of time is done in seconds with "Shortcut for SAP systems" and allows you to quickly continue your go-live.
Examples include the SYS and _SYS_REPO users, which allow administrative tasks such as creating a new database object or assigning privileges.
The website www.sap-corner.de offers a lot of useful information about SAP authorizations.
One way of gaining direct access to downstream systems from the development system and possibly performing unauthorized activities there is to use incorrectly configured interfaces.