Unclear responsibilities, especially between business and IT
Use the authorisation route to identify proposed values for customer developments
Only current profile data is always recorded, so that obsolete profiles and permissions in the target system cannot be deleted by transport. This data remains associated with the users and remains effective until it clears a user synchronisation with the Cleanup option (transaction PFUD).
It is important that, if necessary, the database is converted to an SAP S/4HANA database. In addition, various technical system components must be analyzed and adapted to the new environment. But restructuring must also be carried out at the organizational level. For example, the "old", or current, authorization concept must be analyzed, evaluated and, if necessary, fundamentally revised.
AUTHORIZATIONS FOR BATCH PROCESSING IN THE SAP NETWEAVER AND S/4HANA ENVIRONMENT
We advise you not to use the self-set password with a self-service as a generated password is more secure. The password is generated depending on the password rules; This is done by first evaluating the settings in the security policy assigned to the user. If no security policy has been assigned to the user, the system will consider the password rules in the profile parameters and in the customising table PRNG_CUST. In order for the associated security policy to be considered, you may need to include the correction provided with SAP Note 1890833. Remember that the BAPI_USER_CHANGE function block does not automatically unlock the user. In the event of a lock-out due to incorrect logins, you still have to unlock the user using the BAPI_USER_UNLOCK.
If you get into the situation that authorizations are required that were not considered in the role concept, "Shortcut for SAP systems" allows you to assign the complete authorization for the respective authorization object.
You can also find some useful tips from practice on the subject of SAP authorizations on the page "www.sap-corner.de".
This applies not only to communication between the user interface and the application server, but also to communication between different SAP systems via Remote Function Call (RFC).