Authorizations in SAP systems: what admins should look out for
Security in development systems
Make your IMG projects more secure. We show you how to create customising permissions for individual projects or project views, thereby limiting access. With the SAP Implementation Guide (IMG), there is a tool that allows you to customise your SAP system to suit your business needs. You can manage access to projects in the IMG via customising permissions and thus limit the user circle. You grant the members of an SAP project team the permissions they need to support the project. Below we show you how to create customising permissions by mapping to the IMG projects.
By adding certain SAP standard reports and the user information system ("SUIM"), you can quickly identify security-relevant issues and correct any errors. This improves basic management of your existing security concept and protects you against external and internal intrusions. If you need help with your system analysis, please feel free to contact us. Xiting offers you a wide range of services related to SAP Security. Above all, our proprietary security tool, the Xiting Authorizations Management Suite, or XAMS for short, allows you to build a new role concept based on your usage data and even generate a revision-compliant security concept at the push of a button. Why not see for yourself and join one of our many different webinars.
Statistical data of other users
In the Output pane, you can view the change documents of a remote subsidiary system, or in the Selection Criteria pane, you can restrict the change documents for the central system (transmit system) or only for specific daughter systems. In the lower part, you can select the distribution parameters that you are interested in changing. The evaluation includes information about all changes in the ZBV configuration and in the attached subsidiary systems, as of the time the corresponding release or support package was inserted into the systems. In addition to the date, time and modifier, the evaluation also contains information about the respective model view, the status of the configured system and the action taken (old value and new value). In our example, you will see changes that have occurred in the SCUA transaction, such as creating a model view and adding subsidiary systems, changes made in the SCUG transaction, such as the user adoption, and changes to the distribution parameters in the SCUM transaction.
If you want to know more about SAP authorizations, visit the website www.sap-corner.de.
In the only method of the BAdIs, CHANGE_ITEMS, programme the necessary checks, such as on specific data constellations or permissions. These can refer to all fields in the FAGLPOSX structure. You do this by specifying that all lines for which the test was not successful will be deleted during the execution of the method. This implementation of the BAdIs complements the Business Transaction Event 1650 described in the second example. You can also use the FB03 transaction to display receipts in the same way that you implement the FB03 filter. In this case, implement the required checks in the BAdI FI_AUTHORITY_ITEM.
Assigning a role for a limited period of time is done in seconds with "Shortcut for SAP systems" and allows you to quickly continue your go-live.
As a result you will see all authorization objects that are checked when calling transaction ME23N.
So much information... how can you keep it so that you can find it again when you need it? Scribble Papers is a "note box" that makes this very easy.
It can be used to assess and classify the risks arising from SAP authorizations.