Maintain batch job suggestion values
SAP systems: Control user authorizations with a concept
SAP Note 1720401 extends the SU10 transaction (mass maintenance of users) with the previously missing option to select users by login date and password changes. The notice adds these features to the RSUSR200 report. This report can also be executed directly using the transaction SU10 and the corresponding permission. After the hint has been inserted, the transaction SU10 will be expanded to include the login data button.
The authorization objects are attached by analogy to the forecast and item-based reports. The authorization objects of the item-based reports are checked in addition to the authorization objects for the information system when the report is selected. There is a trick in maintaining the CO-PA-specific authorization objects, because a once selected result area is set for the entire session of your login. This is of course hindering the maintenance of authorization objects for different result areas. Therefore, simply change the result area in the Customising window using the following path: Controlling > Income and market segment accounting > Structures > Set result area.
Correct settings of the essential parameters
In addition, you must note that you may not execute this report on systems that are used as a user source for a Java system. This is due to the fact that a login to the Java system will only update the date of the last login to the ABAP system if a password-based login has taken place. Other Java system login modes do not update the date of the last ABAP system login.
With "Shortcut for SAP systems" you can automate the assignment of roles after a go-live.
The website "www.sap-corner.de" offers a lot of useful information about SAP authorizations.
To ensure that processes are mapped securely and correctly, SAP authorizations must be regularly checked and reworked.