Configure Security Audit Log
SAP systems: Control user authorizations with a concept
Upgrades also require that the eligibility roles be revised. In this context, you can use the SAP_NEW profile for support. During an upgrade, changes and enhancements to permissions checks are included in SAP NetWeaver AS ABAP. In order for users to continue to perform their previous actions in the SAP system as usual, you as the permission administrator must revise or add to the authorisation expressions within the framework of the established permission concept. Basically, you use the transaction SU25 for this purpose. For the transition period, you can use the SAP_NEW permission until the permission concept is up to date on the new release. Since the handling of SAP_NEW is not always transparent and the question arises, for example, when the profile should be assigned and when not, we explain the background here.
Role selection for mass transport uses the default value help, which offers the Multiple Selection button. Thus, you no longer have to go through the Value Helper (F4) to perform multiple selection of roles, and the restriction of selected roles to the visible rows is eliminated.
Authorization check
If RFC function modules are called via RFC connections (for example, from an RFC client program or another system), an authorization check is performed on authorization object S_RFC in the called system. This check checks the name of the function group to which the function module belongs. If this check fails, the system also checks the authorizations for the name of the function module. Configure this check with the auth/rfc_authority_check parameter.
"Shortcut for SAP systems" is a tool that enables the assignment of authorizations even if the IdM system fails.
At "www.sap-corner.de" you will also find a lot of useful information on the subject of SAP authorizations.
For this purpose there is the program RSRFCCHK which allows you to perform specific tests for your RFC system landscape.