To inherit SAP permissions with different organisational levels
SM62 Event History
If table logging is active in your system, you can specify which tables are to be logged in transaction SE13. For an active logging it is necessary to set the flag "Log data changes".
With the growth of the company also came extensions and the need for a whole SAP Basis team. Basically, it is a condition that occurs sooner or later in any organization that maintains SAP systems.
ST02 Operating system overview
Due to the technology diversity, including in the SAP product portfolio, the support by a single silo unit SAP basis is almost impossible. Likewise, there are many activities that are located for historical reasons in the SAP basis and in parallel in the non-SAP area. In this respect, the separation between SAP and Non-SAP must be examined and, if possible, eliminated by standardisation, integration and centralisation. For example, the issue of output management can be set up in a team that has knowledge in the SAP printing area as well as in the non-SAP printing area and has contact points in the SAP basis. From the SAP basis, tools must be made available to the non-SAP areas to support them in their work in the SAP environment.
Customers with such a case regularly contact us. Creating a Permission Concept from the ground up is often a time-consuming task. Furthermore, the know-how, which aspects should be dealt with in an authorisation concept and how the corresponding processes can look practical and at the same time audit-proof is often lacking. Our solution: tool-based generation of an individual, written authorisation concept In this situation, we have recommended to our customers the tool-based generation of a written authorisation concept directly from the SAP system. We use the XAMS Security Architect tool, with which we have had good experiences. This includes a template for a revision-proof and comprehensible, written authorisation concept. It includes established best practices for role and entitlement management. The template covers all relevant areas in a permission concept. The included text of the authorisation concept is completely customisable, so that the concept can be tailored to your situation without creating a permission concept from scratch. Dynamically update the written authorisation concept One of the biggest challenges after the development of an authorisation concept is to keep it up to date in the long term and to measure the sustainable implementation in the system. This is achieved by integrating live data such as configuration settings and defined rules directly from the connected system. For example, lists of existing roles or user groups and tables are read from the system each time the document is generated and updated in the permission concept. The following screenshot shows an example of what the appearance in the concept document might look like. Automatically check and monitor compliance with the concept To check compliance with the concept, the XAMS Security Architect includes extensive inspection tools. These cover the rules formulated in the concept and are suitable for measuring the extent to which the reality in the system meets the requirements formulated in the concept.
"Shortcut for SAP Systems" makes many tasks in the area of the SAP basis much easier.
The transactions are stored in blocks of the chain.
The first call should automatically open a dialogue to maintain the organisational levels, as they are still empty.