SAP Authorizations Generic access to tables - SAP Basis

Generic access to tables
Evaluation of the authorization check SU53
With transaction SUIM you can search for roles using various search criteria. The variant "Roles by complex selection criteria" covers all possible selection criteria. However, you can also search by a single selection criterion (e.g. only by transactions, only by authorization objects...).

The evaluation of the licence data via the ZBV (Central User Administration) with the report RSUSR_SYSINFO_LICENSE provides a result list with the following contents: Contractual User Type - This column contains the actual local user types from the ZBV child systems. Value in Central - This column contains the central user type from the ZBV that is stored for the user for the respective child system.
RSUSR008_009_NEW
It is easier to specify the programme name in the PROGRAM field, because its maximum length of 40 characters matches the limit for programme names in the SAP NetWeaver Application Server ABAP. If it is a function module or a Web application, you can obtain the programme name by using the system trace for authorizations (transaction ST01 or transaction STAUTHTRACE). In the SPTH table, you can define access rights for paths and whether you want to perform an additional authorization check on the S_PATH object.

You can also find some useful tips from practice on the subject of SAP authorizations on the page www.sap-corner.de.

Excel-based tools that do not use the PFCG transaction in the background, like eCATT, function almost exclusively on the one-way principle: Simultaneous maintenance of roles in the PFCG transaction is no longer possible, and changes there are overwritten by the tool. This means that all authorization administrators must work exclusively with the new solution.

The possibility of assigning authorizations during the go-live can be additionally secured by using "Shortcut for SAP systems".

Therefore, it should be assigned to a so-called emergency user at most.

To store all the information on the subject of SAP - and others - in a knowledge database, Scribble Papers is suitable.

If a user does not have print authorization for an output device (authorization object S_SPO_DEV), the immediate print flag may be reset, which means that a spool job created during the job step would not print immediately.