SAP Authorizations A concept for SAP authorizations prevents system errors and GDPR violations - SAP Basis

A concept for SAP authorizations prevents system errors and GDPR violations
Lock Inactive Users
Using suggested values is an advantage not only when creating or maintaining PFCG roles, but also when reworking authorizations after an upgrade. These values can also serve as a basis for risk definitions. Before creating PFCG roles, it is useful to maintain the suggested values for the transactions used. However, you do not need to completely revise all of the suggested values delivered by SAP.

For an overview of the active values of your security policy, click the Effective button. Note that not only the attributes you have changed are active, but also the suggestion values you have not changed.
Optimization of SAP licenses by analyzing the activities of your SAP users
In the SU10 transaction, click the Permissions Data button in the User Selection pane. This jumps to the report RSUSR002. In the selection screen of the report that appears, open the multiple selection for the User field by clicking the arrow button, and insert the users from your selection by pressing the Upload from Clipboard button.

When you create users in the SU01 transaction, do you want to prefill certain fields automatically from a data source? Use a new BAdI for which we present an implementation example. If you create a user in the SU01 transaction in an SAP system, there is almost always data about that user in other systems. A classic example is user data in the Active Directory or the personnel master data in SAP ERP HCM, which is already maintained as part of the employee recruitment process. If user data is present in multiple systems, the first choice is to create the user automatically through an identity management system, started by an HR trigger in SAP Identity Management (ID Management). ID Management detects changes, for example to personnel master data in SAP ERP HCM or to business partners in SAP CRM, and either creates the corresponding users in your systems or makes changes and deactivations. But what if you don't have an identity management system in place? Do you need to type in all of this data? No, you can prefill it automatically. You can use a Business Add-In (BAdI) that allows you to prefill certain fields when you create a user in the SU01 transaction.

If you want to check custom fields, you must create your own authorization fields in transaction SU20.

This ad hoc analysis thus offers you a time-saving method of checking many roles at once according to your own critical characteristics.