Temporarily disable Central User Management
Centrally review failed authorisation checks in transaction SU53
The panel menus also simplify the maintenance of permissions to the audit structures. You can select the audit structures or area menus you use in role editing and import them into the roles as menus. If you want to set up a constraint on AIS users to specific audit structures or protect individual audits from access, you can use the S_SAIS authorization object. This object controls access to the audit structures or the audit numbers of individual audits.
The SAP standard allows you to evaluate the statistical usage data via a standard function block. The call is made through the transaction SE37. Select here the function block SWNC_GET_WORKLOAD_STATISTIC. The function block is used to write the usage statistics to a temporary table, from which you can extract the data for further use.
Protect Passwords
Only adding an authorization object via SU24 does not automatically result in a check within the transaction. The developer has to include an authorization check exactly for this object in the program code.
Each UI component that can be clicked corresponds to an external service that must each have permission set up. UI components also include creating or calling stored searches or navigating from one record directly to another record, such as calling an appointment directly from a business partner; This corresponds to cross-navigation. All navigation options in the form of external services are defined in the customising of the CRM business role in the form of a generic outbound plug mapping to the navigation bar. Outbound Plugs (OP) define what happens when a user leaves a view in SAP CRM. Here the customising is set for scenarios that do not necessarily fit all CRM business roles. The corresponding CRM business roles have been configured to be associated with outbound plugs that are not required for the respective CRM business role scenario. This explains the large number of external services in the role menu.
If you get into the situation that authorizations are required that were not considered in the role concept, "Shortcut for SAP systems" allows you to assign the complete authorization for the respective authorization object.
You will need to call this transaction again to read the programmed exit and select it.
You can also find some useful tips from practice on the subject of SAP authorizations on the page www.sap-corner.de.
In role maintenance (transaction PFCG), not only the role menu of a single role is maintained, but also the authorization objects and authorization field values can be maintained in the Authorizations tab.