AUTHORITY-CHECK OBJECT 'MY_AUTH_OBJECT'
ID 'DEVCLASS' FIELD myData <= data field
ID 'OBJTYPE' DUMMY <= data field, DUMMY = ignored, same as if not listed
ID 'ACTVT' FIELD '02'. <= activity, use "ACTVT" for that, see table TACT !
IF sy-subrc <> 0.
" no auth
ENDIF.
SU20 > authorization fields
SU21 > authorization object > any fields for data OR 'ACTVT' for activity as defined in table TACT
10 = Post
16 = Execute
49 = Request
see class CL_AUTH_OBJECTS_TO_SQL for dynamic WHERE
Roles, check table AGR_USERS
| Transaction | Description |
|---|---|
| ST01 | System Trace |
| SU2 | Own User Settings (Parameter) |
| SU01 | User Maintenance |
| SU02 | Profile/Role |
| SU3 | Authorizations, Benutzervorgaben (Konstanten) |
| SM04 | User List / Disconnect User |
| SU03 | Auth class and object |
| SU20 | SHow / Maintain auth fields |
| SU21 | Show / Maintain auth objects |
| SU22, SU24/SU25 | check indicator can disable auth objects |
| SM51 | User List per instance |
| SU53 | Berechtigungsprüfung |
| AL08 | Logged on Users |
| USMM | Systemvermessung |
| t.UST04 | All profiles of users |
| t.AGR_PROF | All profiles for roles |
| t.AGR_USERS | All roles of users |
| x.RSUSR200 | List of Users |
| fb.TH_DISPLAY_USER_LIST | List of Users |
| fb.TH_DELETE_USER | NOT delete, but logoff user, also on different instances through RFC |
Password rules#
SAP Parameters
| r.rsparam | Scroll to parameters login* |
| t.USR40 | exception words |
Check RFC#
1. ST03N > Systemlast > TOTAL (DoubleClick)2. Analysesichten > RFC-Profile > RFC Server-Profile (DoubleClick)
Check Logins#
SUIM > Änderungsbelege > für Benutzer > (Benutzerattribute=alle)
Option 1#
| STAD | User=<User> + Transaction=SESSION_MANAGER + <proper date/time> |
Option 2#
- x.ST03 > Performance Database > TOTAL
- Choose Time Period
- Click Memory profile box
- Find Transaction
- Double click transaction
Option 3#
- x.ST03 > Detail_analysis_menu(F9) > Today's Workload > Transaction_profile >
- doubleclick on trans.code>
- cursor on username and Show_single_records button.