SWDM Business Workflow Explorer
Define the queue [page 17]
Permissions beyond the daily task spectrum are granted only for limited periods and under control. The activities with the emergency user are logged in a revision-proof manner. Do you already have an emergency user concept in use or would like to introduce one? I'm happy if you share your experience with me! You can leave me a comment or contact me by e-mail.
Database layer: The database layer contains a database server on which all the data of the SAP ERP system is managed. This includes the database management system (DBMS for short) and the actual dataset. The dataset includes user data and data tables as well as applications and system control tables.
SAP lockout issues: Call the SM12 transaction and make sure that there are no programmes named RDDIMPDP. For more information, see Note 11677. ADDON_CONFLICTS_? This step checks to see if there are conflicts between objects in the queue and add-ons installed. If there are such conflicts, SPAM will cancel and prompt you to play the appropriate Conflict Resolution Transports (CRTs).
Especially in larger companies, which also have multiple locations in different countries, it is often necessary to grant different employees the same permissions for different levels of organisation, such as accounting circles. In order to make maintenance and maintenance of the system easy in such a situation, it is useful to set the inheritance principle for SAP permissions. How does SAP Permissions Inheritance work? An inheritance is always about a master object passing certain properties to a derived (sub) object. Therefore, these properties do not need to be maintained several times. Also, changes to the master object are passed directly to the derived objects. This allows easier maintenance and drastically minimises the error rate. In the case of SAP Permission Inheritance, the required permissions are bundled in a Upper or Master role. Only the organisational levels have to be maintained in the roles derived from them. The permissions are automatically pulled from the master role. Create Inheritance for SAP Permissions The following shows how to create and use inheritances for SAP permissions. This requires only two steps: Creating a master role and defining derived roles. Step 1: Create a master role Inheritance always requires a parent role, because all properties are inherited from it. If this role, in which all shared permissions are bundled, is missing, the first step is to create this master role. To do this, open the PFCG transaction and enter the desired name of the master role in the Name field. It is possible to identify master and derived roles by using naming conventions. The "Single Role" button will then be used to create the desired role. In the following example I create the master role "findepartment_r".
Tools such as "Shortcut for SAP Systems" complement missing functions in the SAP basis area.
Basis administrators handle routine maintenance, operations, and upgrades, and play an important role in planning and executing migrations and other large-scale projects.
The Security Architect - part of the Xiting Authorizations Management Suite (XAMS) software solution developed by Xiting - offers you the possibility to precisely examine the current status of the SAP Basis settings with the help of the integrated check mode, whereby it is also possible to check several systems via RFC, starting from a central system.