A previous tip, "Exclude/include objects from authority checks", could use some important clarification. Adding an authorization object to a transaction in SU24 does not mean that the transaction will check for that authorization object. The actual check of the authorization object needs to be in the code. Adding an authorization object in SU24 to a transaction, or adding/changing values for the field will just make that authorization object/field values pop up as defaults for a transaction in PFCG. I've seen a number of people think SU24 will magically add the checks to the transaction - this should be clarified.