SAP Authorizations Which challenges cannot be solved with authorization tools alone? - SAP Basis

Which challenges cannot be solved with authorization tools alone?
Get an overview of the organisations and their dependencies maintained in the system
Because certain types of permissions, such as analysis permissions for SAP BW or structural permissions in SAP ERP HCM, are not based on SAP permission profiles, these permissions are not displayed or refreshed in the permission buffer. To analyse such permission issues, you must therefore use the appropriate tools, such as the HRAUTH transaction for SAP ERP HCM or the RSECADMIN transaction for SAP BW. The same applies to the Organisation Management buffer if you use indirect role mapping. Run the RHWFINDEXRESET report to reset the Organisation Management buffer. A prerequisite for the user buffer to be up to date is the correct user matching (green instead of yellow status display on the Users tab).

Single role - Created using the role administration tool, it enables the automatic generation of an authorization profile. The role contains the authorization data and the logon menu of the users.
Customizing
The permission trace is a long-term trace that you can turn on using the auth/authorization_trace dynamic profile parameter. This trace is user- and client-independent. In the USOB_AUTHVALTRC table, the trace adds the permission checks that had not been captured before, as the application runs. This function can also be used for customer-specific developments. Go to the RZ11 transaction, enter the auth/authorization_trace parameter name in the selection box, and click View. You will now get to the detailed view of the profile parameter with all its properties and a link to the documentation. To turn the trace on, click Change Value and a pop-up window will open. Enter "Y" here, or "F" if you want to define a filter (see Tip 38, "Use SU22 and SU24 transactions correctly"), and save your input. A warning appears informing you that the parameter value will be reset when the application server is started.

You can also find some useful tips from practice on the subject of SAP authorizations on the page www.sap-corner.de.

The Security Audit Log (SAL) has ten different filters in the current releases, which control which events are logged. You can configure these filters via the SM19 transaction. The events are categorised as uncritical, serious or critical.

Assigning a role for a limited period of time is done in seconds with "Shortcut for SAP systems" and allows you to quickly continue your go-live.

Service users are used for multi-person anonymous access, such as Web services.


When you switch from the Role menu to the Permissions tab, you will generate startup permissions for all applications on the Role menu and display default permissions from the permissions suggestions.