SAP Authorizations Using suggestion values and how to upgrade - SAP Basis

Direkt zum Seiteninhalt
Using suggestion values and how to upgrade
Maintain batch job suggestion values
Finally, you can extend your implementation of the BAdIs BADI_IDENTITY_SU01_CREATE and pre-enter additional fields of the transaction SU01. To do this, complete the appropriate SET_* methods of the IF_IDENTITY interface. For example, it is possible to assign parameters that should be maintained for all users, assign a company, or assign an SNC name.

If such information is available from the past, it should be checked whether all topics have been implemented in accordance with the comments. If one or the other recommendation has not been implemented, this circumstance should in any case be documented in a comprehensible manner, or it should be possible to provide a comprehensible justification. However, it is not sufficient to focus only on the improvement potentials that have been presented, because it must be ensured that all those points that have not been criticized in the past will continue to fit. Preparation is made much more difficult if there are no helpful comments or reports from the previous fiscal year, or if it is a first-time audit or a change of auditor. What all does the IT auditor look at during the annual audit? There are topics that every auditor looks at because there are standards for doing so, however it is common for the auditor to perform additional audit procedures in the IT audit depending on the strategy of the overall audit. In this newsletter we want to focus on the most important standard audit topics on the process level and the IT controls defined therein in the context of the SAP® system.
Reset passwords using self service
The background to the mass presence of authorization objects in a PFCG role after a role menu has been created is usually the mass of generic OP links that are not actually necessary for the CRMBusiness role. The existence of proposed values from the transaction SU24 loads the proposed authorisation values associated with the respective external services into the PFCG role, which results in too many unnecessary authorization objects being placed there. By excluding the GENERIC_OP_LINKS folder, you only need to take care of the external services and their authorization objects configured in the CRM business role in your PFCG role. For a user to have all the necessary permissions, you now assign the basic role with the permissions to the generic operating links and the actual role that describes the user's desktop.

The website www.sap-corner.de offers a lot of useful information about SAP authorizations.

If you set the profile parameter dynamically, no users are logged out of the application server. You can prepare maintenance work in good time. The value 2 in the profile parameter does not prevent the login with the emergency user SAP*, if this is not set as user master record and the profile parameter login/no_automatic_user_sapstar is set to 0. You can also change the value of the parameter again at the operating system level. For details on the SAP user, see Tip 91, "Handling the default users and their initial passwords".

However, if your Identity Management system is currently not available or the approval path is interrupted, you can still assign urgently needed authorizations with "Shortcut for SAP systems".

The posting of documents, and often their display, is protected by standard permission checks; but they may not meet your requirements.

So much information... how can you keep it so that you can find it again when you need it? Scribble Papers is a "note box" that makes this very easy.

You can read the order in which the favourite entries are sorted from the SORT_ORDER field.
SAP BASIS
Zurück zum Seiteninhalt