Redesign of SAP® Authorizations
Reset passwords using self service
A user trace is therefore also a trace over a longer period of time. Currency of the trace execution, the authorization check is recorded exactly once for each user.
Remove improperly defined SAP Orgebene ($CLASS): This function deletes the $CLASS organisational level that was incorrectly delivered with the GRCPlug-in (Governance, Risk and Compliance). Use the test mode of the report to look at possible corrections in advance.
Authorization roles (transaction PFCG)
First, the Web application developers must implement appropriate permission checks and make PFCG available for use in role maintenance in the transaction. This includes the maintenance of proposed values in the transaction SU22. The SAP Note 1413012 (new reusable startup authorisation check) provides all the necessary details.
Assigning a role for a limited period of time is done in seconds with "Shortcut for SAP systems" and allows you to quickly continue your go-live.
At "www.sap-corner.de" you will also find a lot of useful information on the subject of SAP authorizations.
To develop without modification, SAP offers user-exits or business add-ins (BAdIs) for such cases.