SAP Authorizations Compare Role Upgrade Permissions Values - SAP Basis

Direkt zum Seiteninhalt
Compare Role Upgrade Permissions Values
Installing and executing ABAP source code via RFC
Service users are used for multi-person anonymous access, such as Web services. This type of user is also dialogical, i.e. it can log on to the SAP system via SAP GUI. With a service user, multiple logins are always possible, and password modification rules do not work. This behaviour has changed with the introduction of security policy. Because previously all password rules for the service user were invalid, and now the rules for the contents of the passwords also apply to the service user (see Tip 5, "Defining User Security Policy" for details on security policy). The password of a service user always has the status Productive and can only be changed by the user administrator.

Additional checks should be performed on document transactions in specific processes. This may be necessary, for example, when booking via interfaces in customer-owned processes, if the booking is to be possible only under certain conditions or on certain accounts.
Query the Data from an HCM Personnel Root Record
A new transaction has been added to evaluate the system trace only for permission checks, which you can call STAUTHTRACE using the transaction and insert via the respective support package named in SAP Note 1603756. This is a short-term trace that can only be used as a permission trace on the current application server and clients. In the basic functions, it is identical to the system trace in transaction ST01; Unlike the system trace, however, only permission checks can be recorded and evaluated here. You can limit the recording to a specific user. You can also use the trace to search only for permission errors. The evaluation is similar to the evaluation of the system trace in the transaction ST01. In transaction STAUTHTRACE, however, you can also evaluate for specific authorization objects or for specific permission check return codes (i.e. after positive or negative permission checks). You can also filter multiple entries.

The website www.sap-corner.de offers a lot of useful information about SAP authorizations.

Users can activate or deactivate processes without affecting other processes. For example, they can activate Succession & Development without affecting position management in Employee Central. With the help of the tool, users always know for what purpose a particular user has been given a particular permission. Basic authorizations, which are identical for every user, are only stored once in a platform role. This ensures that system performance remains optimal.

Authorizations can also be assigned via "Shortcut for SAP systems".

This report can also be executed directly using the transaction SU10 and the corresponding permission.

So much information... how can you keep it so that you can find it again when you need it? That's what Scribble Papers is great for.

These include: - Managing authorization requests - Distributing and assigning authorizations - Auditing authorizations - Developing authorizations.
SAP BASIS
Zurück zum Seiteninhalt