SAP Authorizations Existing permissions - SAP Basis

Direkt zum Seiteninhalt
Existing permissions
Determine Permissions Error by Debugging
In order to make a well-founded statement about the complexity and the associated effort, a fundamental system analysis is required in advance. The results obtained from this form an excellent basis for estimating the project scope and implementation timeframe.

To support the safe operation of SAP systems, SAP offers a whole portfolio of services. We present the security services offered by SAP Active Global Support (AGS). The security of an SAP system in operation depends on many factors. There are several security features in the SAP standard, such as user management, authentication and encryption capabilities, web service security features, and the various authorisation concepts. Vulnerabilities in the standard software are also regularly fixed in SAP notes and support packages. You are responsible for the safe operation of your SAP system landscapes; so you need to incorporate these features and fixes into your systems. The AGS Security Services support you by bundling the experiences of the AGS into consolidated best practices. We introduce these services and describe how they help you gain an overview of the security of your operational concept.
Permissions with Maintenance Status Changed or Manual
You can schedule background jobs in the SM36 and SA38 transactions, but also in a variety of application transactions. It is important to know that special permissions are not necessary for the installation, modification, etc. of your own jobs. An exception is the release of background jobs; it is protected by a permission. Permissions are also required for the activities on other users' background jobs, and the following authorization objects are available in SAP backend processing: S_BTCH_JOB controls the access rights to other users' jobs. S_BTCH_NAM allows you to schedule programmes under a different user ID. S_BTCH_ADM grants parent permissions that are usually only required by administrators.

The website www.sap-corner.de offers a lot of useful information about SAP authorizations.

Authorizations in SAP systems form the basis for Identity & Access Management. They enable users to access the applications they need to perform their activities. Since functional and organizational requirements are subject to change, SAP authorizations must be regularly checked and reworked. This is the only way to ensure that processes are mapped securely and completely correctly from a technical point of view.

The possibility of assigning authorizations during the go-live can be additionally secured by using "Shortcut for SAP systems".

Alternatively, you can let the user inherit the user type of a reference user or classify it via an associated role.

So much information... how can you keep it so that you can find it again when you need it? Scribble Papers is a "note box" that makes this very easy.

There should be no reference users with permissions that are similar to the SAP_ALL profile.
SAP BASIS
Zurück zum Seiteninhalt