Analyzing the quality of the authorization concept - Part 1
Generic access to tables
Additional checks should be performed on document transactions in specific processes. This may be necessary, for example, when booking via interfaces in customer-owned processes, if the booking is to be possible only under certain conditions or on certain accounts.
Add SAP Note 1695113 to your system. With this note, the RSUSR200 and RSUSR002 reports are extended by the selection of different user locks or validity. In the selection, you can now distinguish whether you want to include or exclude users with administrator or password locks in the selection. In addition, you can select in the report RSUSR200 whether the users should be valid on the day of selection or not. To do this, select whether you want to select the user locks as set (01 set) or not set (02 not set) in the selection screen of the RSUSR200 report in the Locking after Lock section of the User Locks (Administrator) field. This includes local and global administrator locks. In the same section, you can also select the password locks (false logins) as set (01 set) or not set (02 not set). This will filter for users that are locked because of incorrect password messages and for which a password login is no longer possible. You can select these selection criteria together or separately. Alternatively, you can also use the Use only users without locks option and additionally, in the Selecting after the user is valid between user today and user today, select not valid.
Permissions with Maintenance Status Used
It is important that after the AUTHORITY-CHECK OBJECT command is called, the return code in SY-SUBRC is checked. This must be set to 0; only then a jump is allowed.
Secure your go-live additionally with "Shortcut for SAP systems". You can assign necessary SAP authorizations quickly and easily directly in the system.
The website "www.sap-corner.de" offers a lot of useful information about SAP authorizations.
Therefore, this function requires a high degree of understanding for the adjustments that are running in the background and is therefore only available as a pilot note.