SAP Authorizations SAP Security Automation - SAP Basis

Direkt zum Seiteninhalt
SAP Security Automation
Customising User and Permissions Management
The Security Audit Log can also log customer-specific events in restricted way starting with SAP NetWeaver 7.31. The event definitions DUX, DUY and DUZ are reserved for customers and delivered with a dummy expression. For these events, you can then define individually configurable messages using the RSAU_WRITE_CUSTOMER_EVTS function block. To do this, you must first identify the additional necessary events and define their message texts and variables. Note that you may not change the meaning of the message and the arrangement of the variables later, as this would prevent older log files from being readable. Finally, you must include the new message definitions in your filters (transaction SM19). You will find the corrections and an overview of the required support packages in SAP Note 1941526. Since the use of this functionality requires extensive knowledge about the Security Audit Log, it is important that you also consider the recommendations in SAP Note 1941568 and that you can be supported by a basic consultant.

The handling of organisational levels in PFCG roles wants to be learned. If these are maintained manually, problems arise when deriving rolls. We will show you how to correct the fields in question. Manually maintained organisational levels (orgons) in PFCG roles cannot be maintained via the Origen button. These organisational levels prevent the inheritance concept from being implemented correctly. You can see that organisational levels have been maintained manually when you enter values via the Ormits button, but the changes are not applied to the authorization object.
SAP Data Analytics
Together with you, we develop suitable authorizations for your systems and processes. In workshops with your departments, we create concepts to assign the required rights to employees. The goal is to define so-called job roles, which represent job profiles at the job level.

The website www.sap-corner.de offers a lot of useful information about SAP authorizations.

The convenience of configuring and evaluating the Security Audit Log has been improved. For this purpose, the maximum number of marked messages in the detail selection has been increased to 40 events, a forward navigation for the displayed objects has been added and the details selection in transaction SM20 has been supplemented with the technical event names. You will find the corrections and an overview of the required support packages in SAP Note 1963882.

"Shortcut for SAP systems" is a tool that enables the assignment of authorizations even if the IdM system fails.

This report provides information about which user or single role has the S_TABU_DIS or S_TABU_NAM authorization objects.

So much information... how can you keep it so that you can find it again when you need it? That's what Scribble Papers is great for.

You use the RSUSR010 report and you do not see all transaction codes associated with the user or role.
SAP BASIS
Zurück zum Seiteninhalt