SAP Authorizations Default permissions already included - SAP Basis

Direkt zum Seiteninhalt
Default permissions already included
Perform Risk Analysis with the Critical Permissions Report
In practice, the main problem is the definition of content: The BMF letter remains very vague here with the wording "tax relevant data". In addition, there is the challenge of limiting access to the audited financial years.

In order to use the statistical usage data, you must first extend the default SAP value of the retention time to a reasonable period of time. For a representative period, a minimum of 14 months and a maximum of 24 months shall be sufficient. This includes day-to-day business, monthly financial statements, underyear activities such as inventory and annual financial statements. Now call the transaction ST03N and navigate to: Collector & Perf. Database > Performance Database > Workload Collector Database > Reorganisation > Control Panel.
Even if key users (department users/application support) do not have to develop their own authorization objects and cooperation with SAP Basis is always advantageous, there are often technical questions such as "Which users have authorization to evaluate a specific cost center or internal order?
Starting with SAP NetWeaver 7.31, the Security Audit Log enables the complete display of longer event parameters in messages. To do this, the maximum storage space for variables in messages has been increased to 2 GB. To play this extension, you need a kernel patch. For the fixes and an overview of the required support packages, see SAP Note 1819317.

The website www.sap-corner.de offers a lot of useful information about SAP authorizations.

The setting of the modification flag used to determine the proposed values to be matched is imprecise. Learn about a new process that uses timestamps. Upgrade rework for suggestion values and roles must be performed not only upon release change, but also after inserting plug-ins, support packages, enhancement packages, or other software components, such as partner solutions. These rework can be complex if the underlying selection of proposed values cannot be restricted. Therefore, a new procedure has been introduced in the transaction SU25, which restricts the proposed values to be compared using a time stamp.

If you get into the situation that authorizations are required that were not considered in the role concept, "Shortcut for SAP systems" allows you to assign the complete authorization for the respective authorization object.

Examples include the SYS and _SYS_REPO users, which allow administrative tasks such as creating a new database object or assigning privileges.

So much information... how can you keep it so that you can find it again when you need it? Scribble Papers is a "note box" that makes this very easy.

New message types have also been defined in this context.
SAP BASIS
Zurück zum Seiteninhalt