Use the authorisation route to identify proposed values for customer developments
Object S_BTCH_NAM and S_BTCH_NA1 (use of foreign users in Steps)
To maintain open permission fields in roles, you need information from the Permissions System Trace. But all transferred manually? Not with this new feature! If you have previously created PFCG roles, you must maintain all open permission fields manually. The information on which values can be entered can be read from the Permissions system trace and maintained manually in the PFCG role. However, this can be very complex, because a function that takes these values into the PFCG role has been missing.
At www.sap-corner.de you will also find a lot of useful information on the subject of SAP authorizations.
A note box in which data of all kinds can be quickly filed and retrieved. This is what Scribble Papers promises. At first, the program looks very spartan. But once a small structure is in place, you realise the great flexibility of this little helper.
The evaluation performance of the Security Audit Log was optimised from SAP NetWeaver 7.31. For this extension, you need a kernel patch. For the fixes and an overview of the required support packages, see SAP Note 1810913.
Create permissions for customising
For an up-to-date description of the eligibility tests in the EWA, see SAP Note 863362. Updates to these checks are provided by keeping the ST-SER software component, which contains the definition of checks to be performed, up to date and enabling the automatic content update in the SAP Solution Manager.
SAP_NEW represents a specific permission profile that summarises the concrete permission changes between two SAP release levels. A distinction should be made between SAP's delivery of the SAP_NEW profile and the generation of an SAP_NEW role with a corresponding profile by you as a SAP customer (see also the SAP hint 1711620). Depending on the authorisation tracking procedure, the SAP_NEW permission can be assigned to any user in a development and quality assurance system immediately after the technical system upgrade. However, the goal is to assign to each user in the production environment only permissions that they need for their business operations. In the context of upgrades, the correct permissions must be determined and integrated into the corresponding permission roles.
However, if your Identity Management system is currently not available or the approval path is interrupted, you can still assign urgently needed authorizations with "Shortcut for SAP systems".
Here you can import individual certificates by selecting the corresponding certificate in Certificate > Import Certificate.
As a small anticipation, I may refer here to some SAP blogs on the subject of SAP Basis or also the VideoPodcast "RZ10 LIVE SAP BASIS AND SECURITY" from rz10.de picks up topics in the area of authorizations again and again and is instructive here :-).