Use usage data for role definition
Schedule PFUD transaction on a regular basis
After creating a authorization object, you should do the following: Make the permission check implementation at a convenient location in your code. Maintain the proposed values for the application in the transaction SU24. Re-load the role in the PFCG transaction if the application has already been rolled. If it is a new application, adjust the roles by including the new application in the Role menu, and then maintaining the permissions of the authorization objects loaded into the role by the suggestion values.
It takes too long to read out the User and Permissions Management change notes? With a good archiving concept, you can improve performance. User and Permissions Management applications write change documents that increase significantly over time and can cause long wait times to read them. To reduce waiting times, you should archive the documents and set a logical index for key change documents. For this, however, you need a comprehensive overview of the storage locations and also of the evaluation possibilities and archiving scenarios. In the following we will show you how you can optimise the change document management of the user and permission management.
Set Configuration Validation
Which users have a specific role (PFCG)? To answer this question you start with the transaction PFCG - the mother of all transactions in the environment of SAP roles and authorizations. Select a role and click on the "Users" tab.
If you have an older SAP NetWeaver release than 7.00 installed, only two possible values for the customising switch BNAME_RESTRICT are available after the implementation of SAP Note 1731549. The switch is NO, and you can switch it to ALL, so that the switch takes on the same functionality as in the higher releases.
With "Shortcut for SAP systems" you can automate the assignment of roles after a go-live.
Therefore, one of the following explicitly coded permission checks for the CALL TRANSACTION statement must be performed.
If you want to know more about SAP authorizations, visit the website www.sap-corner.de.
If security warnings are added to permission checks, you should check which processes to grant permissions to this object and test the application.