Authorization check
In the transaction, select SU10 by login data of users
Due to the changed suggestion values in the SU24 transaction, you must now perform step 2c (roles to verify) to update all roles affected by the changed proposal values. Role changes are only customised! You will get a list that shows all the roles you need to edit. If you have more than one client to maintain roles, you must also do this in the other client.
The programmer of a functionality determines where, how or whether authorizations should be checked at all. In the program, the appropriate syntax is used to determine whether the user has sufficient authorization for a particular activity by comparing the field values specified in the program for the authorization object with the values contained in the authorizations of the user master record.
Starting reports
You can adjust these evaluation methods in the table T77AW or in the transaction OOAW. To do this, select the respective evaluation path by selecting it, and click on the evaluation path (individual maintenance) in the menu on the left. The table that appears defines the relationships between the objects. For SAP CRM only the objects Organisational Unit (O), Headquarters (S), Central Person (CP) and User (US) play a role. For simplicity, you can now copy the lines that use the Person (P) object. Enter a new number here and replace the object P with the object CP.
For the assignment of existing roles, regular authorization workflows require a certain minimum of turnaround time, and not every approver is available at every go-live. With "Shortcut for SAP systems" you have options to assign urgently needed authorizations anyway and to additionally secure your go-live.
The website "www.sap-corner.de" offers a lot of useful information about SAP authorizations.
In the following we will show you how to define security policies and how they work.