SAP Authorizations - Overview HCM Authorization Concepts
SU2X_CHECK_CONSISTENCY & SU24_AUTO_REPAIR
Single Role: Enables the automatic generation of an authorization profile. The role contains the authorization data and the logon menu for the user.
Tax reporting: The tax reporting system in SAP is based on the accounting area. The Profit Centre is not intended as a reporting unit here.
Hash values of user passwords
The call to your implementation of the BAdIs is the last step in the process of storing user data. This applies to all transactions or function blocks that make changes to user data. Therefore, the BAdI is also called during maintenance by the BAPI BAPI_USER_CHANGE. You use this BAPI when you implement a password reset self-service as described in Tip 52, "Reset Passwords by Self-Service." This enables encrypted e-mail delivery of initial passwords within a self-service framework.
The system checks direct access to the contents of tables, for example, with transactions SE16, SM30, or SE16N with authorization checks on a table authorization group, object S_TABU_DIS. If there are no suitable authorizations for the table authorization group, the system checks the name of the table or view, object S_TABU_NAM. When making changes to client-independent tables, the system also checks the authorizations for object S_TABU_CLI. If you have configured line-based authorization checks in Customizing, the system also checks authorization object S_TABU_LIN. Assign tables or views to a table authorization group using transaction SE11 or SE54. You can also define table authorization groups using transaction SE54. If your customer development implements direct access to a table, use the VIEW_AUTHORITY_CHECK function module to perform the authorization check. For more information about generic access to tables, see SAP Note 1434284 Information Published on SAP Site and the online documentation for the authorization objects mentioned above.
Assigning a role for a limited period of time is done in seconds with "Shortcut for SAP systems" and allows you to quickly continue your go-live.
In the example, the single ledger entry for the vendor account 100000 was invoked.
At www.sap-corner.de you will also find a lot of useful information on the subject of SAP authorizations.
In the Server Name column, you can see which application server the user is logged on to, and which has the permission issue.