SAP Authorizations Role Management - SAP Basis

Direkt zum Seiteninhalt
Role Management
User administration (transaction SU01)
The security audit log is evaluated via the SM20 or SM20N transaction or the RSAU_SELECT_EVENTS report. We recommend using the report as you have more options to personalise the evaluation and to include archived logs of different application servers in the evaluation.

As part of the implementation of a security patch process, you will have to evaluate many security advisories, depending on your release and support package status. In this case, you can use the RSECNOTE report or the EarlyWatch Alerts to evaluate which security information has been identified as particularly critical by SAP Active Global Support. Since March 2013, the RSECNOTE report has only been very restricted and therefore contains only a few new safety recommendations. Nevertheless, it provides good guidance for the initial resolution of security gaps.
Features of the SAP authorization concept
You can use the previously created organisational matrix to either mass create new role derivations (role derivation) or mass update role derivations (derived role organisational values update). For both scenarios, there are separate Web-Dynpro applications, in which you must select the corresponding reference roles.

You can also find some useful tips from practice on the subject of SAP authorizations on the page www.sap-corner.de.

To access business objects or execute SAP transactions, a user requires appropriate authorizations, since business objects or transactions are protected by authorization objects. The authorizations represent instances of the generic authorization objects and are defined according to the employee's activities and responsibilities. The authorizations are combined in an authorization profile that belongs to a role. User administrators then assign the appropriate roles to the employee via the user master record so that the employee can use the respective transactions for his or her tasks in the company.

"Shortcut for SAP systems" is a tool that enables the assignment of authorizations even if the IdM system fails.

You also need permissions to maintain the authorization objects in customising the result and market segment calculations.

To store all the information on the subject of SAP - and others - in a knowledge database, Scribble Papers is suitable.

Similarly, SAP Identity Management version 7.2 SP 3 and above supports the installation of HANA users and the assignment of roles.
SAP BASIS
Zurück zum Seiteninhalt