SAP Authorizations Correct settings of the essential parameters - SAP Basis

Direkt zum Seiteninhalt
Correct settings of the essential parameters
Evaluate Permission Traces across Application Servers
An SAP authorization concept is used to map relevant legal standards and internal company regulations to the technical protection options within an SAP system. Authorization concepts are thus the key to optimal protection of your system - both externally and internally.

The call to your implementation of the BAdIs is the last step in the process of storing user data. This applies to all transactions or function blocks that make changes to user data. Therefore, the BAdI is also called during maintenance by the BAPI BAPI_USER_CHANGE. You use this BAPI when you implement a password reset self-service as described in Tip 52, "Reset Passwords by Self-Service." This enables encrypted e-mail delivery of initial passwords within a self-service framework.
Use SAP_NEW correctly
CREATE_EMAIL_CONTENT: The example implementation of this method generates the e-mail content. The user ID, the relevant system and the initial password are listed for each user. When the method is called in the Central User Management (ZBV), all initial passwords associated with the system in which the password was reset are listed. You should adapt the content of the e-mail to your requirements.

The website www.sap-corner.de offers a lot of useful information about SAP authorizations.

Behind this RFC connection is a Trusted-RFC connection in the ERP system of the system landscape with the naming convention *_RFC. We recommend that you keep the name of the RFC connection for each ERP system in the system landscape and only change the connection data in the RFC connections. You do not need to customise your PFCG roles for the development, test, and production environments. Note that when mixing the single reel with the reel collectors, you will need to maintain the RFC connection in the roll menu of the pulley!

If you get into the situation that authorizations are required that were not considered in the role concept, "Shortcut for SAP systems" allows you to assign the complete authorization for the respective authorization object.

This report requires only viewing permissions that can be assigned to the above-described group without any concerns.

So much information... how can you keep it so that you can find it again when you need it? Scribble Papers is a "note box" that makes this very easy.

These tests only superficially check for the existence of an authorization object and do not react to settings in the field specification in the profile of the roles.
SAP BASIS
Zurück zum Seiteninhalt