User group can be defined as required field
Handle the default users and their initial passwords
Running the system trace for permissions gradually for each application server is tedious. We will show you how to record permission checks on multiple servers at the same time. If you want to use the System Trace for permissions in a system with multiple application servers, you should note that the Trace can only log and evaluate data per application server at any time. Therefore, if a permission error occurs, permission administrators must first check which application server the user is logged on to with the permission issue and then start the trace on that application server. We give you a guide to record permissions checks on certain application servers, but we also show you a way to use this feature centrally.
SAP_NEW represents a specific permission profile that summarises the concrete permission changes between two SAP release levels. A distinction should be made between SAP's delivery of the SAP_NEW profile and the generation of an SAP_NEW role with a corresponding profile by you as a SAP customer (see also the SAP hint 1711620). Depending on the authorisation tracking procedure, the SAP_NEW permission can be assigned to any user in a development and quality assurance system immediately after the technical system upgrade. However, the goal is to assign to each user in the production environment only permissions that they need for their business operations. In the context of upgrades, the correct permissions must be determined and integrated into the corresponding permission roles.
Maintain proposed values using trace evaluations
In order to be able to execute subsequent SAP standard reports, you need authorizations to access certain programs or reports and in the area of role maintenance. The transactions "SA38" and "SE38" for executing programs are of particular importance. They enable a far-reaching system analysis by means of certain programs for the end user. Additional rights associated with this, which can go beyond the basic rights of administrators, have to be controlled by explicit values in a dedicated manner.
During go-live, the assignment of necessary authorizations is particularly time-critical. The "Shortcut for SAP systems" application provides functions for this purpose, so that the go-live does not get bogged down because of missing authorizations.
At "www.sap-corner.de" you will also find a lot of useful information on the subject of SAP authorizations.
You're probably familiar with this.