SAP Authorizations Features of the SAP authorization concept - SAP Basis

Direkt zum Seiteninhalt
Features of the SAP authorization concept
Using eCATT to maintain roles
Finally, you must evaluate and implement the results of the preparatory work. The overview allows you to determine which user needs which function groups or function blocks and to set up the permission roles accordingly. You can exclude calls to Destination NONE from your evaluation because these calls are always internal calls to RFC function blocks. In this context, we recommend that you check the mappings for critical function blocks or functional groups.

The customising parameters in the table PRGN_CUST control the password generator in the transactions SU01 and SU10. The values of the profile parameters override the customising parameter entries to prevent invalid passwords from being generated. If the value of a customising parameter is less than the value of the corresponding profile parameter, the default value of the customising parameter is drawn instead. The same is true if no value is maintained. You can exclude certain words or special characters as passwords by entering them in the USR40 table. In this table you can enter both specific passwords (e.g. your company's name) and patterns for passwords (e.g. 1234*). '*' stands for any number of additional characters (wild card) and '?' for any character. However, when maintaining the USR40 table, note that the number and type of entries affect performance.
Grant permissions for SAP background processing
After all authorizations are maintained, the role must be saved and generated and a user comparison must be performed. However, this should not be a topic here in the article. This can also be done with the transaction PFUD (see comments to the article "SAP BC: Empty user buffer" :-).

You can also find some useful tips from practice on the subject of SAP authorizations on the page www.sap-corner.de.

You can create such an organisational matrix as an Excel file or in ABAP; This depends on how you want to read the data. When using a common standard solution (e.g. SAP Access Control), a corresponding maintenance view is usually offered. We first describe how you can provide automated mass care in the form of a custom development.

The possibility of assigning authorizations during the go-live can be additionally secured by using "Shortcut for SAP systems".

It is important to know that special permissions are not necessary for the installation, modification, etc.

So much information... how can you keep it so that you can find it again when you need it? Scribble Papers is a "note box" that makes this very easy.

Permissions are often not restricted because there is often no information about how the object should be shaped.
SAP BASIS
Zurück zum Seiteninhalt