SAP Authorizations Organisational allocation - SAP Basis

Organisational allocation
Security within the development system
Structural authorizations work with SAP HCM Organizational Management. They primarily define who can be seen, but not what can be seen, based on evaluation paths in the org tree. Therefore, structural authorizations should only be used together with general authorizations. The determination works via a so-called authorization profile. In this profile, the evaluation paths are used to define how to search on the org tree. Function modules can also be stored, which can be used to determine objects from Organizational Management using any criteria. This makes the structural authorizations very flexible.

To make the most of the timestamp process, you should fill the timestamp tables in the legacy system before upgrading. Implement SAP Note 1599128. This correction delivers the report SU25_INITIALIZE_TSTMP, which lets you write the current timestamps of your data from transaction SU22 into the respective timestamp tables USOBT_TSTMP and USOBX_TSTMP. After the upgrade, you will have a reference date for your SU22 data, which you can compare with the SAP proposal data shipped for the new release. Setting the timestamps in the legacy release reduces the effort required to complete step 2a, because only those applications whose SU22 data has been modified are matched. If you have not filled the timestamp tables in the old release, the tables in your new release will be empty. In this case, step 2a compares the content of the SAP proposal values to the customer proposal values, regardless of a timestamp.
Authorizations
In addition, critical commands should be prohibited from the outset. Examples are EXEC SQL, which allows direct access to database tables bypassing certain security mechanisms, and CLIENT SPECIFIED, which allows access to data in other clients.
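
A minimal source scan for the two statements named above, as an added example that is not part of the original page. It reports EXEC SQL and CLIENT SPECIFIED only where they occur in real code, not in comments or character literals. The report `zdemo`, the table `zorders` and the function names are hypothetical, and string templates (`|...|`) are not handled.

```python
import re

# Statements the page names as critical; patterns tolerate case and line breaks.
RULES = {
    "EXEC SQL": re.compile(r"\bEXEC\s+SQL\b", re.IGNORECASE),
    "CLIENT SPECIFIED": re.compile(r"\bCLIENT\s+SPECIFIED\b", re.IGNORECASE),
}

def blank_comments_and_literals(source):
    """Replace comments and literal contents with spaces, keeping offsets and newlines."""
    out = []
    for line in source.split("\n"):
        if line.startswith("*"):             # '*' in column 1: full-line comment
            out.append(" " * len(line))
            continue
        chars, quote = [], None
        for i, ch in enumerate(line):
            if quote:                         # inside '...' or `...`
                chars.append(" ")
                if ch == quote:
                    quote = None
            elif ch in ("'", "`"):
                quote = ch
                chars.append(" ")
            elif ch == '"':                   # inline comment runs to end of line
                chars.append(" " * (len(line) - i))
                break
            else:
                chars.append(ch)
        out.append("".join(chars))
    return "\n".join(out)

def find_critical_statements(source):
    """Return sorted (line_number, rule_name) pairs for each hit in real code."""
    cleaned = blank_comments_and_literals(source)
    return sorted((cleaned.count("\n", 0, m.start()) + 1, name)
                  for name, pattern in RULES.items() for m in pattern.finditer(cleaned))

# Constructed ABAP sample (hypothetical report and table names).
SAMPLE = """\
REPORT zdemo.
* EXEC SQL in a full-line comment is not a hit
lv_text = 'CLIENT SPECIFIED inside a literal'. " EXEC SQL in an inline comment
SELECT * FROM zorders CLIENT
  SPECIFIED INTO TABLE lt_orders WHERE mandt = '000'.
exec sql.
  SELECT order_id FROM zorders
ENDEXEC.
"""
```

On the sample, `find_critical_statements(SAMPLE)` reports the cross-client SELECT on line 4 and the native SQL block on line 6.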


You can use the authorization check at function module level by setting the value FUNC in the RFC_TYPE field of the S_RFC authorization object. If you still want to allow function groups, specify the value FUGR here. Depending on the RFC_TYPE field, enter the name of the function module or function group in the RFC_NAME field (name of the RFC object to be protected). This extension of the check is provided by the correction in SAP Note 931251.

During go-live, the assignment of necessary authorizations is particularly time-critical. The "Shortcut for SAP systems" application provides functions for this purpose, so that the go-live does not get bogged down because of missing authorizations.

Because there is hardly anything more boring, the first errors creep in after an hour at the latest.


When you copy the values from the TPCPROGS table, the TPC4 transaction is quickly configured.