SAP Authorizations SAP S/4HANA: Analysis and simple adjustment of your authorizations - SAP Basis

Direkt zum Seiteninhalt
SAP S/4HANA: Analysis and simple adjustment of your authorizations
Our services in the area of SAP authorizations
If you want your own developments to meet your security requirements, just like the standard, you must assign table permission groups to the custom tables. Custom tables, or SAP standard tables that you want to protect in particular, belong to separate, if applicable, customer-specific table permission groups. If extensive permissions are to be granted for system administration or certain applications, this is done with the S_TABU_DIS authorization object for the table permission group. Since many standard tables do not have a table permission group assigned to them and therefore automatically end up in the table permission group &NC&, you should restrict access to this table permission group. For example, certain tables such as T000 (clients) are in a large table permission group (SS: RS: SAP control); therefore, it is better to restrict access via a separate table permission group. You should also always assign custom tables to a table permission group, otherwise they will also be assigned the table permission group &NC&. Therefore, we will explain below how you can create table permission groups and map tables.

The SAP authorization concept protects transactions, programs, services and information in SAP systems against unauthorized access. Based on the authorization concept, the administrator assigns users the authorizations that determine the actions this user can perform in the SAP system after logging on and being authenticated.
SAP FICO Authorizations
It is best if the persons responsible for the system develop role descriptions with their departments in advance and document them outside SAP SuccessFactors (e.g., as in Fig. 2). In case of queries, they can use this basis to explain exactly why someone has been given a certain authorization. The role descriptions and the report help to work in a DSGVO-compliant manner. Since the report updates automatically, companies have no additional effort to document the changes - one less unloved (and often "forgotten") task.

At www.sap-corner.de you will also find a lot of useful information on the subject of SAP authorizations.

Initial passwords for standard users are extremely risky because they are published. Make sure that this vulnerability does not exist in your system landscape. An SAP system is always shipped with certain standard users or they are automatically set up for the transport management system, for example. These default users use initial passwords that are well known. Close this vulnerability by changing the passwords and protecting the default users from unauthorised use. In this tip we will show you how you can clarify the status of your standard users' passwords and give you recommendations on the settings of your profile parameters.

The possibility of assigning authorizations during the go-live can be additionally secured by using "Shortcut for SAP systems".

Here you can change all filter settings, but not the number of existing filters.

So much information... how can you keep it so that you can find it again when you need it? Scribble Papers is a "note box" that makes this very easy.

Because certain types of permissions, such as analysis permissions, for SAP BW, or structural permissions in SAP ERP HCM are not based on SAP permission profiles, these permissions are not displayed or refreshed in the permission buffer.
SAP BASIS
Zurück zum Seiteninhalt