There are a handful of transactions to get you through the world of SAP authorizations. Not complicated, but you need to know them.
Authorizers are particularly fond of two: PFCG and SUIM. One, PFCG, is the actual tool to create and edit roles. The other, SUIM, to make evaluations of roles, users and their relationships. But beyond that, there is a whole range of other transactions that you should know about as an authorizer:
PFCG | Role Maintenance |
PFUD | User Master Data Reconciliation |
ST01 | System Trace |
STAUTHTRACE | Authorization Trace |
STUSERTRACE | Authorization Trace for User |
STUSOBTRACE | Evaluate Authorization Trace |
SU20 | Maintain Authorization Fields |
SU21 | Maintain Authorization Objects |
SU22 | Maintain Authorization Defaults (SAP) |
SU24 | Maintain Authorization Defaults |
SU25 | Upgrade Tool for Profile Generator |
SU26 | Upgrade Tool for Profile Generator |
SUIM | User Information System |
SUPC | Role Profiles |
Report: PFCG_TIME_DEPENDENCY | Job for user comparison |