Add hidden authorization to user
With this function you can add "hidden" authorizations to users. You can add the full authorization for a specific authorizations object and/or the authorizations of a specific role or profile to the user buffer.
The added authorizations will not be visible in the system! You can not see them in SU01(D) and you will not see the user in SUIM reports when you execute a query for users with the added authorizations. Also there will be no change documents like there would be when a role or profile is assigned using the standard functions. Nevertheless, if the function executes with a positive result (assumed you have given a valid user and a valid authorization object or role), the authorization will be there for the user. On systems with more than one application server there might be a latency caused by the table synchronization (depending on the value of the profile paramter rdisp/bufreftime, usually within 2 minutes). In that case you can wait a short time or log into the server that was used for this function (can be done easily using transaction SM51 and a double click on the server).
The authorizations assigned this way will disappear at the next time the user buffer for the user will be refreshed. This could be caused for example by a "normal" role or profile assignment for the user, a user comparison run or the first login of the user, and there might be some more possible reasons.
From security's point of view this function is very critical! Please handle this function with care and sense of responsibility. Therefore the authorizations should be removed again (also possible with this function) when they are not necessary any longer.
For this function also system users (type B, C) can be used. The authorizations usually needed for user / authorization administration (S_USER_GRP, S_USER_AGR, S_USER_PRO etc.) are not necessary!
|
