SAP Authorizations System trace function ST01 - SAP Basis

System trace function ST01
Trace after missing permissions
The question often arises whether anything has to be prepared for the audit. As a rule, all of the company's own notes from previous years should be retrieved and combed through for information that was noted at the time during the discussions with the IT auditor. The IT auditor's findings and comments that show potential for improvement in IT-relevant processes or system settings are particularly essential. Any reports by the auditor from the previous year that pointed out deficiencies identified at that time should also be taken into account.

You can limit the recording to a specific user. You can also use the trace to search only for permission errors. The evaluation is similar to the evaluation of the system trace in the transaction ST01. In transaction STAUTHTRACE, however, you can also evaluate for specific authorization objects or for specific permission check return codes (i.e. after positive or negative permission checks). You can also filter multiple entries.
Centrally review failed authorisation checks in transaction SU53
Most custom programs are additions to the standard functionalities or variations of them. Therefore, when you create your own programs, you can follow the authorization checks of the standard programs or reuse the authorization checks used there.


If the change made by the security advice affects the normal program flow, you should schedule application tests. If only exception handling is adjusted, you can omit the tests or severely limit them.

For the assignment of existing roles, regular authorization workflows require a certain minimum of turnaround time, and not every approver is available at every go-live. With "Shortcut for SAP systems" you have options to assign urgently needed authorizations anyway and to additionally secure your go-live.

The User Information System is a powerful tool that allows you to perform various evaluations:
- In which roles is the transaction ME23N included?
- Which transactions may a specific user execute (see also report RSUSR010)?
- Which customer-specific authorization objects exist in the SAP system?
- How do two roles differ (see also report RSUSR050)?


This makes the table a white list.