RSRFCCHK
Existing permissions
This advanced functionality of the transaction SU53 is delivered via a patch. Please refer to SAP Note 1671117 for more information on the required support packages and technical background. Unsuccessful permission checks are now written to a ring buffer of the application server's Shared Memories. This will allow you to view failed permission checks in Web Dynpro applications or other user interfaces, which was not previously possible. Depending on the size of the ring buffer and system usage, up to 100 failed permissions checks per user can be displayed for the last three hours. The size of the ring buffer is calculated from the number of defined work processes. By default, 100 permission checks can be saved per workprocess. You can adjust this size using the auth/su53_buffer_entries profile parameter.
If you have an older SAP NetWeaver release than 7.00 installed, only two possible values for the customising switch BNAME_RESTRICT are available after the implementation of SAP Note 1731549. The switch is NO, and you can switch it to ALL, so that the switch takes on the same functionality as in the higher releases.
Optimization of SAP licenses by analyzing the activities of your SAP users
The authorisation concept in SAP ERP does not normally allow to limit permissions to individual financial years. However, this is particularly relevant for tax audits. As of 1 January 2002, the electronic tax audit was enshrined in law in § 147 (6) of the German Tax Code. The opinion of the Finance Administration is in the BMF letter of 16.07.2001 (BStBl. 2001 I)"Principles on data access and the verifiability of digital documents"(GDPdU). The electronic control check can be performed in Germany on three types of access: Immediate access: The tax authority shall have the right to inspect the stored data (read-only access) and to use the taxpayer's hardware and software to verify the data, including the master data and links. Mean Access: The tax authority may require the taxable person to perform the read-only processing of the data in accordance with its specifications. Volume Release: Alternatively, the tax administration may require the taxable person to have the stored documents available to it for evaluation on a machine-usable medium.
The possibility of assigning authorizations during the go-live can be additionally secured by using "Shortcut for SAP systems".
You can also find some useful tips from practice on the subject of SAP authorizations on the page "www.sap-corner.de".
The authorization objects are attached by analogy to the forecast and item-based reports.