From Rel. 3.0E, an authorization check takes place - whenever a transaction is started - against authorization object S_TCODE 'Transaction code check for transaction start'. This authorization object can be found in the object class 'Authorization objects (all applications)'. An authorization called S_TCD_ALL is delivered with profile SAP_NEW_30E, allowing you to execute all transactions. The user administrator is now able to restrict individual users or user groups to the range of transactions they require by giving restricted authorizations for this object. The authorization checks defined by the developer with transaction SE93 (transaction maintenance) or in the ABAP/4 source code continue to be performed.
Advantages of the new authorization check:
a) Guarantee that each transaction performs at least one authorization check.
b) Easy to determine which transactions a user is allowed to execute (or start).
During installation ensure that every user receives an authorization for the transactions he/she requires. To ensure this at the start, give every user the profile SAP_NEW.
Ensure that every user receives an authorization for the transactions he/she requires.