SAP Authorizations SAP Security Concepts - SAP Basis

SAP Security Concepts
SAP Authorization Trace - Simple Overview of Authorizations
The proposed values in transaction SU24 are essential for maintaining PFCG roles, because these values are used when PFCG roles are created. The better these values are maintained, the less effort is required to maintain the PFCG roles (see figure next page). You may ask yourself in which cases it makes sense to adjust the proposed values, since they have such a large impact on the maintenance of roles.

The report PRGN_COMPRESS_TIMES provides a remedy. You can call it directly or in the edit mode of a PFCG role in the PFCG transaction via Tools > Optimise User Mapping.
Reference User
The audit result lists the vulnerabilities by priority: a high priority corresponds to a high confidence that the finding is accurate, and a low priority to a low confidence. In addition, more information is available within the ABAP editor at each location. This priority indicator helps you to identify whether a finding is a false positive or an actual security problem. Findings with priority 1 or 2 are very likely to be genuine. The tool provides recommendations on how to modify the source code to correct the vulnerabilities. In addition to the individual checks for individual developers, the tool also offers mass checks, for example to check an entire application for vulnerabilities in one step.

To use the trace data from the USOB_AUTHVALTRC table, first switch to change mode and then either click the SAP Data button or select Object > Add Objects from Trace > Local. The authorization objects found are imported from the table, but are not yet assigned any proposed values. To maintain the proposed values, click the Trace button. In the window that opens, select one of the new authorization objects and then select Trace > Permissions Trace > Local. The checked authorization values are now displayed. To apply these values, select Y Yes in the Suggest Status combo box and select the values you want in the right pane of the window. Then click Apply. After confirming your entries, confirm the field maintenance in the authorization proposal maintenance by clicking the green checkmark, so that the status of the authorization object is green (maintained). Continue in the same way with the other authorization objects.

You can also evaluate the application log through transaction SLG1 (object ATAX); however, the output of the report CA_TAXLOG seems more useful here.

The Security Audit Log is not fully configured until both the profile parameters and an active filter profile have been maintained.