Permissions objects already included
Rebuilding the authorization concept
When the auth/authorisation_trace parameter is turned on, external services are written to the USOBHASH table and permission checks are logged in the USOB_AUTHVALTRC table. You can now use the contents of this table to apply the checked objects and values from the trace to the suggestion values in the transaction SU24. Because it is a dynamic profile parameter, it is reset when the application server is launched. Now open the transaction SU24 and you will find your own UIK component as an external service. Double-clicking on this service will tell you that no suggestion values have been maintained there. You can apply these suggested values from the USOB_AUTHVALTRC table. Here you should at least maintain the UIU_COMP authorization object so that this information is loaded into the PFCG role as soon as you include the external service in your role menu.
Look closely at the security advisory so that you can identify the affected programmes or functions and schedule appropriate application tests. Use a test implementation in the SNOTE transaction to identify additional SAP hints that are required for a security advisory and may also contain functional changes.
SAP FICO Authorizations
However, you can also use the proof of use in the authorization object maintenance to search for specific implementation sites. To do this, open the authorization object in the SU21 transaction. Open the proof of use via the button and a pop-up window appears for querying usage modes (for example, using the affected authorization object in programmes or classes). After making your selection in the Usage Proof, all of the affected implementations will be tabulated. Double-click to access the relevant code locations.
For the assignment of existing roles, regular authorization workflows require a certain minimum of turnaround time, and not every approver is available at every go-live. With "Shortcut for SAP systems" you have options to assign urgently needed authorizations anyway and to additionally secure your go-live.
If you want to know more about SAP authorizations, visit the website "www.sap-corner.de".
With the Change Preview selection, you can see which suggestion values would be changed for your selection in the transaction SU24.