SAP Authorizations ICS for business processes in SAP systems - SAP Basis

Direkt zum Seiteninhalt
ICS for business processes in SAP systems
Reset passwords using self service
The same applies to the concept of data ownership. Here, a person takes responsibility for the data of a certain scope (e.g., SAP system X or system landscape Y) and looks after it as if it were his own precious possession. He or she conscientiously answers questions such as "May data be changed / viewed / deleted?", "How is action taken in the event of a data leak?", "Who may access the data and how, and what may be done with it?".

To do this, first define what information should be checked. In the SU20 transaction, verify that the required fields may already exist as permission fields. If you want to check custom fields, you must create your own permission fields in the transaction SU20. Please pay particular attention to the (F4) help provided. When defining customised permission fields, you assign a name in the Field Name field that is in your Customer Name Room and assign the corresponding data element and, if desired, a table name for a value help. The next step is to create your own authorization object and assign your permission fields and, if necessary, default permission fields. If you use the ACTVT field to validate the activity, you must use the Activities allowed button to select the activities that you want to validate from the source code of your programme. For recommendations on the naming conventions for authorization objects, see SAP Note 395083.
Transactional and Native or Analytical Tiles in the FIORI Environment
Structural authorizations work with SAP HCM Organizational Management and define who can be seen, but not what can be seen. This is done based on evaluation paths in the org tree. Structural authorizations should therefore only be used together with general authorizations. Just like the general authorizations in SAP ECC HR, they enable regulated access to data in time-dependent structures. An authorization profile is used to determine the authorization. In addition, it is defined how the search is carried out on the org tree.

At www.sap-corner.de you will also find a lot of useful information on the subject of SAP authorizations.

You should archive all document types at the same time intervals; This is especially true for the US_USER and US_PASS archive objects. It is customary to keep the supporting documents between 12 and 18 months, as this corresponds to the retention periods for the revision. For performance reasons, if you want to archive in shorter intervals, you should always archive all archive objects at the same time and store the PFCG and IDENTITY archive object classes in separate archives. In this case, it may be useful to download the archived revision documents back to a shadow database to make them available for faster review. You can use the following reports: RSUSR_LOAD_FROM_ARCH_PROF_AUTH / RSUSR_LOAD_FROM_ARCHIVE. You can also archive the table change logs with the BC_DBLOGS archive object.

However, if your Identity Management system is currently not available or the approval path is interrupted, you can still assign urgently needed authorizations with "Shortcut for SAP systems".

You can customise these suggestion values to suit your needs.

The freeware Scribble Papers puts an end to the confusing paper chaos. The tool is also suitable for storing, structuring and quickly finding text documents and text snippets of all kinds in addition to notes.

The RESPAREA field has a maintenance dialogue that allows you to enter areas of responsibility.
SAP BASIS
Zurück zum Seiteninhalt