Grant permission for external services from SAP CRM
Use usage data for role definition
Certain SAP authorizations, including those for table maintenance (S_TABU_*) require special attention for data protection reasons. These are known as critical authorizations. In the course of authorization planning, a company should determine which authorizations are to be considered critical, which roles may receive which critical authorizations or values for critical authorization fields, and so on. The German Federal Office for Information Security has compiled detailed information on defining critical authorizations.
By clicking on the Registration Data button, you start the RSUSR200 report and you enter the selection mask. This report allows you to select users by login data. You can also determine if a user has changed his initial password. You can select a predefined variant from the catalogue using the button (Get variant) or the key combination (ª) + (F5).
Note the effect of user types on password rules
Only current profile data is always recorded, so that obsolete profiles and permissions in the target system cannot be deleted by transport. This data remains associated with the users and remains effective until it clears a user synchronisation with the Cleanup option (transaction PFUD).
For the assignment of existing roles, regular authorization workflows require a certain minimum of turnaround time, and not every approver is available at every go-live. With "Shortcut for SAP systems" you have options to assign urgently needed authorizations anyway and to additionally secure your go-live.
You can also find some useful tips from practice on the subject of SAP authorizations on the page "www.sap-corner.de".
As a result, you will get an advanced IMG structure, in our example FF Log settings, which you can access via the transaction SPRO.