User and Role Administration of Application Server ABAPABAP Authorization ConceptOrganizing Authorization AdministrationAssigning AuthorizationsFrom the Programmed Authorization Check to a RoleEditing Authorization Default Data (Development System)Editing Authorization Default Data (Customer System)Maintaining Authorizations in SAP Example RolesMaintaining Authorizations in Roles for Productive UseTrace for Authorization ChecksMaintaining Authorization Default Values Using Trace Evaluation in Transaction SU22 or SU24Maintaining Authorization Fields Using Trace Evaluation in Transaction PFCGUsing the System Trace to Record Authorization Checks (Transaction STAUTHTRACE)Glossary Configuration of User and Role Administration First Installation Procedure Setting Up User and Authorization AdministratorsConfiguring User Group as Required for User Master RecordsInteraction of Required User Groups and Central User AdministrationEnabling Movement Activity for S_USER_GRP Setting Up the Role Administration ToolDefining the Scope of Authorization Checks Preparatory Steps Globally Deactivating Authorization Checks Reducing Authorization Checks in ApplicationsSearching for Deactivated Authority ChecksEditing Templates for General Authorizations Check IndicatorsLogon and Password Security in the ABAP-SystemPassword RulesProfile Parameters for Logon and Password (Login Parameters)List of Customizing Switches for Generated PasswordsRules for User NamesProtecting Special UsersSecuring User SAP* Against MisuseSecuring User DDIC Against Misuse Security in System Groups Role AdministrationRole Administration Functions Changing Standard Roles Creating Single RolesRole Menu Merge Function for the Authorization Data of PFCG RolesEditing Predefined Authorizations Symbols and Status Text in Authorization Administration Copying Authorizations From Templates Assign User Assign MiniApps Personalization Tab Page Creating Derived Roles and Copying Authorizations Authorization Checks when Adjusting Derived Roles Comparing and Adjusting Role Menus Creating Composite RolesGenerating Authorization Profiles Regenerate the Authorization Profile Following Changes Performing a Mass Generation of ProfilesTransporting Authorization Components Transporting and Distributing Roles Transporting Manually-Created Profiles Transporting Manually-Created Authorizations Transporting Check Indicators and Field Values Loading or Storing Check Indicators and Authorization Default Values Transporting Templates Analyzing Authorization Checks Analyzing Authorizations Using the System TraceAuthorization Error Analysis Functions Indirect Role Assignment Using Organizational Management (OM) Assigning a Role Indirectly Indirect Role Assignment in a System Landscape Distribution of the Organizational Management Model Creating an Organizational Management Distribution Model in the Sending System Generating Partner Profiles of the OM Distribution Model Creating an Outbound Filter with Customer Exit Activating Change Pointers Writing Change Pointers for Infotype 0105 Distributing the Organizational Management Model (Initial Distribution) Distributing Changes to the Organizational Management Model Central User Administration Setting Up Central User AdministrationCreating an Administration UserSetting Up Logical Systems Defining/Setting Up a Logical System Assigning a Logical System to a ClientSystem Users and RFC Destinations Defining Authorizations for System Users Determining Existing RFC Destinations and System UsersCreating System Users Creating an RFC Destination for the Target System System Users and RFC Destinations with Trusted Systems Creating RFC Destinations for the Target System with a Trusted SystemAdvantages and Disadvantages of Trusted RFC DestinationsCreating the Central User AdministrationChecking Creation of the Central User Administration Set Up Field Distribution ParametersSynchronizing and Distributing Company Addresses Synchronizing User GroupsTransferring Users from New SystemsDisplaying and Processing Distribution LogsError Analysis in Central User Administration Checking the Setup of Central User Administration Avoiding Termination when Saving the System Landscape Creating an ALE Model Including Partner Profiles Manually Creating the ALE Distribution Model Generating Partner Profiles Checking Partner Profiles Correcting Errors in Partner ProfilesDistributing the Model View Other Error SourcesActivated Background ProcessingChanging Partner Profiles with Active Background Processing Creating a Background User Removing Central User Administration Removing a Child System from Central User Administration Removing Central User Administration CompletelyGlossary Application Link Enabling (ALE)ALE LandscapeALE Integrated SystemUser Master Record AuthorizationAuthorization ProfileBackground ProcessingIDoc System UserLogical SystemPartner ProfileProfileProfile GeneratorRemote Function Call (RFC)RoleChild SystemDistribution Model Central User Administration (CUA)Central SystemCentral Repository for Personalization DataUsing the Generic Storage TableImplementing a DialogIntegrating External TablesRegistering Personalization ObjectsDirectory ServicesLDAP ConnectorMaintaining the Directory ServerConfiguring the LDAP ConnectorConfiguring Connection Data for the Directory ServiceDefining the System User of the Directory ServiceLDAP Connector InterfaceLogging On to the Directory ServiceCalling LDAP Protocol FunctionsSynchronization of SAP User Administration with an LDAP-Compatible Directory ServiceMapping SAP Data Fields to Directory AttributesMapping and Synchronization ProcessSchema ExtensionGenerating a Schema ExtensionMapping SAP Data Fields to Directory AttributesMapping with a Function Module (Linking Type)Mapping Indicator Versus Synchronization IndicatorSetting Mapping IndicatorsSetting Synchronization IndicatorsPreparing and Starting SynchronizationSynchronization Report RSLDAPSYNC_USER: ExamplesAdministering the Synchronization LogChecking for Changes in Authorizations After UpgradesGenerated Role SAP_NEW Migrating Report TreesCustomizing Scenario-Based AuthorizationsTransporting Productive Scenarios to Follow-On SystemsSaving Scenarios to the Local File SystemUploading Productive Scenarios to SAP NetWeaver Application Server ABAPChecking the Consistency of Productive ScenariosDisplaying an Overview of ScenariosAdministration of Users and RolesUser AdministrationUser Administration Functions Creating and Editing User Master RecordsLogon Data Tab Page Password Status SNC Tab Page Roles Tab PageProfiles Tab Groups Tab Page Personalization Tab Page Licence Data Tab Page Copying UsersPersonalizing Users or Roles Changing the Standard Company Address Assigning Roles Assign a Standard Role to a UserMass Changes Logging Off Inactive Users Editing User Defaults and Options Comparing User Master Records Creating and Editing Internet Users Operating Central User AdministrationUser Administration with Active Central User Administration Assigning Passwords with Active Central User Administration Sending User Master Data to a Child System Performing a Text Comparison with Target System SpecificationUser Information SystemDetermining Users with the Users NodeDetermining Cross-System InformationUsers by Complex Selection Criteria (RSUSR002) By Logon Date and Password Change (RSUSR200) With Critical Authorizations (RSUSR008_009_NEW)Analyzing Users with Critical AuthorizationsAnalyzing Users with Critical Combinations of AuthorizationsAdditional Selection CriteriaEvaluation of the Result ListExamples of Using Critical Authorizations and Combinations Determining Roles, Profiles, Authorizations, and Authorization Objects Determining Transactions (RSUSR010) Comparing Cross-System Users, Authorizations, Roles, and Profiles (RSUSR050)Creating Where-Used Lists in the User Information System Creating Where-Used Lists for Roles (RSUSR002) Creating Where-Used Lists for Profiles (RSUSR002) Creating Where-Used Lists for Authorizations (RSUSR002) Creating Where-Used Lists for Authorization Values (RSUSR002) Creating Where-Used Lists for Authorization Objects (RSUSR002)Determining Change DocumentsDisplaying Change Documents for UsersDisplaying Change Documents for Role AssignmentsDisplaying Change Documents for RolesDisplaying Change Documents for ProfilesDisplaying Change Documents for AuthorizationsDisplaying Change Documents for Authorization Defaults Creating a User-Specific Result ListTroubleshootingCleaning Up User Tables Reference Documentation for User and Role Administration Authorization Objects Checked in Role Administration Role Administration: Example Role Administration: Tips and TricksCreating Roles Organization Without the Profile GeneratorCreating and Maintaining Authorizations and Profiles Manually Line-Oriented Authorizations Administration TasksMaintaining Authorization ProfilesSimple and Composite ProfilesDefining Profiles and AuthorizationsAlternative AuthorizationsChoosing Authorization ObjectsMaintaining Composite ProfilesActivate ProfilesNaming Convention for Predefined ProfilesMaintaining Authorizations and Their ValuesSpecial Authorizations Requiring Protective Measures Authorization Profile SAP_ALLGenerated Role SAP_APPDeveloper Documentation for User and Role AdministrationAuthorization ChecksAuthorization Checks in Your Own DevelopmentsCreating Authorization FieldsAssigning Authorization Objects to Object ClassesProgramming Authorization ChecksPerforming Authorization Checks Based on ScenariosCreating Scenario Definitions for Authorization ChecksCreating Productive Scenarios for TestingAutomatically Adding Authorization Objects to ScenariosManually Adding Authorization Objects to ScenariosTransporting Scenarios DefinitionsSwitchable Authorization Check Framework OverviewAuthorizations Required For Scenario-Based Authorizations