The REGENERATE_SAP_APP program has the task of automatically generating authorizations with full authorization scope (field value ‘*’) from a flexibly selectable list of authorization objects.
These authorizations can be entered in both the classic composite profile SAP_APP and in a role of your choosing.
Selection Options
There are three main options:
- Classic Selection
This is the default option. SAP will select most authorization objects automatically. You can choose to exclude sensitive objects such s Basis, HCM or any other critical objects. This is safer because it avoids adding unnecessary sensitive access.
- Detailed Selection
Use this option if you only want to select specific authorization objects or application components. For example, you can choose only certain SAP components or object names.
- Default Data for Role
Use this option if you want SAP to use the authorization default values from an existing role menu. This is only for existing roles.
Exclusion Table
The Exclusion Table is used to remove certain authorization objects from the generation process. Use this if some objects are not needed or are too critical to include.
Template
A template can be used if you do not want to give full access * for all objects. Instead, SAP can copy specific authorization values from the template. This gives better control over the generated role.
Work Area
You can choose whether to generate authorizations for SAP_APP profile or a role.
