SAP Authorizations Copy values from the Clipboard to the transaction's PFCG permission fields - SAP Corner

Direkt zum Seiteninhalt
Copy values from the Clipboard to the transaction's PFCG permission fields
Unclear objectives and lack of definition of own security standards
Since the introduction of the security policy in SAP NetWeaver 7.31, this report has changed. In older releases, instead of the security policy overview, a profile parameter selection page is offered in the report's startup screen. If you select Show Profile Parameters in this selection view, you will see an overview of the Profile Parameters settings in the upper half of the screen. Here you should pay particular attention to the setting of the parameter login/no_ automatic_user_sapstar and check its setting even after the switch to the security policy.

Other dangers include admins simply copying user roles, not having control processes for permission assignments, or not following the processes over time. In this context, two things should be clarified: Which SAP user is allowed to access which data? How do the roles differ (especially if they are similar)?
Search for user and password locks
The assignment of the SAP_ALL profile is not required for the operation of an SAP system; therefore, a yellow icon will appear for the first check once a user has assigned the profile. For the other six checks on critical base permissions, the yellow icon will be displayed when a client is found on the system and at least one of the following two conditions applies: More than 75 users have the permission checked in this check. More than 10% of all users have the permission checked in this check, but at least 11 users.

You can influence the default behaviour of various transactions and parameters with the customising switches for the maintenance of Session Manager and Profile Generator as well as the user and permission management. The SSM_CID table gives you an overview of all customising switches supplied by SAP, specifying the relevant tables SSM_CUST, SSM_COL, PRGN_CUST and USR_CUST. The short description of the customising switch refers to the relevant and current SAP references. The actual settings can be found in the SSM_CUST, PRGN_CUST and USR_CUST tables.

Assigning a role for a limited period of time is done in seconds with "Shortcut for SAP systems" and allows you to quickly continue your go-live.

Thus, for an own authorization object with the authorization field ACTVT, the activity 01 Add or Replace, 02 Change and 03 Display can be selected and would then be available as a selection in the authorization field in the role maintenance.

If you want to know more about SAP authorizations, visit the website www.sap-corner.de.


The missing authorization objects will be displayed in "red".
SAP Corner
Zurück zum Seiteninhalt