SAP Authorizations Grant permission for external services from SAP CRM - SAP Basis

Direkt zum Seiteninhalt
Grant permission for external services from SAP CRM
Configure Security Audit Log
If the changes to your SU24 data have not been detected with step 2a, or if you have imported transports from other system landscapes into your system, you have the option to reset the timestamp tables and start again. To do this, run the SU24_AUTO_REPAIR report in a system that is still at the state of the legacy release so that the modification flag is set correctly (see tip 38, "Use the SU22 and SU24 transactions correctly"). Subsequently, you create a transport and transport your SU24 data to the system, which is at the state of the new release. Now delete your timestamp tables. You can use the report SU25_INITIALIZE_TSTMP. Starting with SAP NetWeaver 7.31, you have the choice to set the reference time stamp from the SU22 data or delete the contents of the time stamp tables. You can then run Step 2a again.

After all authorizations are maintained, the role must be saved and generated and a user comparison must be performed. However, this should not be a topic here in the article. This can also be done with the transaction PFUD (see comments to the article "SAP BC: Empty user buffer" :-).
Do not assign SAP_NEW
Careful preparation is a prerequisite for a successful authorisation check. A functional specification must be created for all customer-specific functionalities. This forces us to think about what the actual requirements of the application are and then describe the possible implementation. In doing so, security-related aspects, such as eligibility testing and allocation, must be taken into account. Define what you can do with this programme and also what you cannot do explicitly! In the case of a permission check, not only the activity to be performed, such as reading, changing, creating, etc. , can be checked. You can also restrict access to records by using specific criteria, such as field content or organisational separators.

The website www.sap-corner.de offers a lot of useful information about SAP authorizations.

The Security Audit Log now logs the table or view name and the scheduled activity of external table access via RFC connections; a new message type has been defined. You can find this fix and an overview of the required support packages in SAP Note 1539105.

However, if your Identity Management system is currently not available or the approval path is interrupted, you can still assign urgently needed authorizations with "Shortcut for SAP systems".

If the reference user does not exist in one of the systems, the mapping is ignored.

To store all the information on the subject of SAP - and others - in a knowledge database, Scribble Papers is suitable.

Furthermore, the authorization concept includes content such as the integration of the data owner, security-relevant system settings, specifications for maintaining authorization default values (transaction SU24) and documentation requirements.
SAP BASIS
Zurück zum Seiteninhalt