SAP AUTHORIZATIONS: THE 7 MOST IMPORTANT REPORTS
User & Authorization Management with SIVIS as a Service
The report PRGN_COMPRESS_TIMES provides a remedy. You can call it directly or in the edit mode of a PFCG role in the PFCG transaction via Tools > Optimise User Mapping.
No external services can be added manually in transaction SU24. To do this, you must turn on a permission trace that takes over. You can enable the permission trace using the auth/authorisation_trace dynamic profile parameter. You can enable this parameter by using the transaction RZ11 (Profile Parameter Maintenance) by entering the value Y as a new value and selecting the Switch to All Servers setting.
Add New Organisation Levels
The valid programmes or transactions are stored in the SAP TPCPROGS delivery table, but do not follow a uniform naming convention. Part of the transaction code (e.g. AW01N), part of the report name (e.g. RFEPOS00), or the logical database (e.g. SAPDBADA) is relevant here. Logical databases (e.g. SAPDBADA, SAPDBBRF) are basic data selection programmes and are particularly used in financial accounting. The permission checks, including the time period delimitation, are implemented in the logical database and work for all reports based on a logical database (e.g. the RAGITT00 grid is based on SAPDBADA and the RFBILA00 balance sheet report is based on SAPDBSDF). When you copy the values from the TPCPROGS table, the TPC4 transaction is quickly configured.
Secure your go-live additionally with "Shortcut for SAP systems". You can assign necessary SAP authorizations quickly and easily directly in the system.
You can also find some useful tips from practice on the subject of SAP authorizations on the page "www.sap-corner.de".
But what if you don't have an identity management system in place? Do you need to type all of this data? No - you can pre-document them automatically.