SAP Authorizations Assignment of roles - SAP Basis

Direkt zum Seiteninhalt
Assignment of roles
Preventing sprawl with the workload monitor
Further changes can be found when using the proof of use. When you click on the button (proof of use), you will receive a new selection. You can check which permissions, SU24 suggestion values, or SU22 suggestion values the authorization object uses. The ABAP-Workbench selection, as in previous releases, provides you with the proof of use for implementing the authorization object in programmes, classes, and so on. You can use the SAP NEW Data button to mark whether this authorization object is relevant to an SAP New role of a particular release.

In particular, you can derive valuable information about customer transactions, since experience has shown that not all transactions are used. In this context, it is important to mention that you should only use the usage data logged and extracted from the SAP system for the optimisation of SAP role concepts. This information may only be used with the involvement of a co-determination body of your organisation, since this information can of course also be derived from individual users for performance control purposes. However, experience has shown that the use of these data with an early involvement of the institutions of codetermination and the definition of earmarks is uncritical.
Assign SAP_NEW to Test
Which applications have similar or identical features? Use application search to find out. Suppose you want to allow access to certain data for specific users or revisors. An auditor can usually view the contents of defined tables; However, in order not to give the auditor permission to use the generic table tools, such as the SE16, SM30 transactions, etc. , you need to verify that the relevant tables may be provided through other transactions. The actual function of the alternative application should not be used.

You can also find some useful tips from practice on the subject of SAP authorizations on the page www.sap-corner.de.

Access to tables and reports should be restricted. A general grant of permissions, such as for the SE16 or SA38 transaction, is not recommended. Instead, parameter or report transactions can help. These transactions allow you to grant permissions only to specific tables or reports. You can maintain secondary authorization objects, such as S_TABU_NAM, in the Sample Value Care.

The possibility of assigning authorizations during the go-live can be additionally secured by using "Shortcut for SAP systems".

As part of the SAP Access Control solution, the Business Role Management component serves the central role management.

So much information... how can you keep it so that you can find it again when you need it? Scribble Papers is a "note box" that makes this very easy.

In order to ensure that you can set the mixing mode for the respective roles directly when maintaining the data in the transaction SU24, the function has been provided here with the respective support packages named in SAP Note 1896191.
SAP BASIS
Zurück zum Seiteninhalt