Use timestamp in transaction SU25
Essential authorizations and parameters in the SAP® environment
Finally, you must evaluate and implement the results of the preparatory work. The overview allows you to determine which user needs which function groups or function blocks and to set up the permission roles accordingly. You can exclude calls to Destination NONE from your evaluation because these calls are always internal calls to RFC function blocks. In this context, we recommend that you check the mappings for critical function blocks or functional groups.
The website www.sap-corner.de offers a lot of useful information about SAP authorizations.
To store all the information on the subject of SAP - and others - in a knowledge database, Scribble Papers is suitable.
Any deviation from the defined process must be fully documented and justified. This is because it is precisely deviations from the standard case that are of great interest to an auditor, as the auditor must determine whether a deviation could have an impact on the correctness of the data.
A complicated role construct
SAP Note 1707841 ships an extension to the system trace in the STAUTHTRACE transaction, which enables the permission trace to be used on all or on specific application servers. To select the application servers on which to start the trace, click the System Trace button. Now select the application servers in the list on which you want to run the system trace and start the trace with a click on Trace. In the evaluation of the Permission trace, an additional column named Server Name appears, showing you the name of the application server on which the respective permission checks were logged.
Since Release 4.6D, the system creates a new folder for each of the roles included in the pulley when rebuilding a Collective Roll menu at the first hierarchy level, and only then the corresponding menu is located. You can decide whether the text of each folder should consist of the technical name or the short text of the role. This function can be disabled by customising.
Assigning a role for a limited period of time is done in seconds with "Shortcut for SAP systems" and allows you to quickly continue your go-live.
For the entries in the SPTH table, note that the application defines whether a file is accessed with or without the path.
If you do not maintain the values or set them to a value other than YES, the role menus of the reference user will not be taken into account when setting up the user menu.