SAP Authorizations A concept for SAP authorizations prevents system errors and DSGVO violations

Direkt zum Seiteninhalt
A concept for SAP authorizations prevents system errors and DSGVO violations
Temporarily disable Central User Management
When your selection is complete, just exit the image with the green button. You will now arrive at the Details Selector screen, where you can select the selection fields and the output fields (the List Field Selector and Selection Fields tabs) of your table combination. We select the authorization objects and values as selection and the role name, and the user as output fields. Done! Now the query can be started with the Run button. In the background, the system creates a programme that builds the join. As a result, a selection screen appears. Enter"S_TCODE"as object and"SCC4"as field value (we only have one field for this object). When you click Run, all users and the triggers are output to you.

In principle, the SAP_NEW permission should not be granted in the production system. The Profiles tab displays the generated profiles in the user master record that are associated with a specific user. Here you can also assign manually created permission profiles from the transaction SU02 - even without direct role mapping. In principle, the recommendation is to use the profile generator (transaction PFCG) to generate authorisation profiles automatically. Special caution is taken when you enter generated permission profiles directly on the Profiles tab, as these assignments will be deleted by matching user assignments with the transaction PFUD if no entry is on the Roles tab for the assignment. You have probably assigned SAP_ALL and SAP_NEW to users for whom there should be no restrictions in the SAP system. But what are these two profiles different from each other and why are they necessary?
Authorization object documentation
Business objects to which companies refer authorizations are defined in the system as authorization objects. For individual conditions, SAP delivers the authorization objects F_FICO_IND and F_FICO_AIN. With F_FICO_IND you can define which individual conditions are checked when processing the contract depending on the defined authorization fields and their characteristics. Using the authorization object F_FICO_AIN, companies can define whether and how individual conditions are to be checked when processing in the BAPI channel depending on the defined authorization fields and their characteristics.

Configuration validation is a tool that allows systems to be tested against corporate or organisational requirements and regulations. You can find this tool in the Change Management section of the SAP Solution Manager. This allows you to evaluate security-relevant configurations and critical permissions. This is based on the SAP Solution Manager's Configuration and Change Database (CCDB), which stores all details about the configuration of the connected systems. The configuration data is stored in different configuration stores, depending on the type of configuration. You can evaluate the configuration of the operating system, the database, and profile parameters in the ABAP and Java systems. You will also get an overview of the status of transport orders and support packages. You can also track changes to the configurations of the attached systems in the CCDB. You can also graphically evaluate these changes via an end-to-end analysis in SAP BW; contains information on the number of changes per system, the type of changes and the modification date.

During go-live, the assignment of necessary authorizations is particularly time-critical. The "Shortcut for SAP systems" application provides functions for this purpose, so that the go-live does not get bogged down because of missing authorizations.

By clicking on the Registration Data button, you start the RSUSR200 report and you enter the selection mask.

The relevant authorization objects are then displayed in an ALV list and the documentation for the authorization object can be called up via the I in the Docu column.
SAP Corner
Zurück zum Seiteninhalt