Authorization roles (transaction PFCG)
Statistical data of other users
The relevant authorization objects are then displayed in an ALV list and the documentation for the authorization object can be called up via the I in the Docu column. This documentation then displays much more detailed information about the respective authorization object as well as the defined fields.
The SAP Note 1903323 provides a solution. The functionality is only provided via support packages for NetWeaver releases 7.31 and 7.40. This fix extends the naming conventions so that namespaces in the /XYZ/ format can be used up to a maximum of eight characters. In the development and creation of authorization objects, some functionalities of the SAP hint are extremely helpful, which we present in this tip.
Check and refresh the permission buffer
We therefore recommend that you schedule a background job on the PFUD transaction, which performs a regular user comparison (see Trick 17, "Schedule PFUD transaction on a regular basis"). By the way, did you know that the auth/tcodes_not_checked profile parameter enables you to disable the transaction startup permissions for the SU53 and SU56 transactions? To do this, enter the value SU53, SU56, or SU53 SU56 for the profile parameter. This means that the end user no longer needs the permissions to run these transaction codes from the S_TCODE authorization object.
If you get into the situation that authorizations are required that were not considered in the role concept, "Shortcut for SAP systems" allows you to assign the complete authorization for the respective authorization object.
If you want to know more about SAP authorizations, visit the website "www.sap-corner.de".
It is also possible to specify in the concept that, in the event of an emergency, extended authorization may be granted to other selected users; this is up to the company to decide.