Maintain authorization objects more easily
Eligibility objects that were visible in the permission trace are quickly inserted in rolls. But are they really necessary? Are these possibly even critical permissions? A review of the Permissions Concept can reveal that critical permissions are in your end-user roles. We would like to give you some examples of critical permissions in this tip. It is helpful to know which authorization objects are covered by the critical permissions. They must also ask themselves whether the granting of these allowances entails risks.
The password lock is not suitable to prevent the login to the system, because it does not prevent the login via single sign-on. Learn how to safely lock the system logon. The SAP system distinguishes several reasons for blocking. Therefore, sometimes there is confusion when a user is still able to log on to the system, e.g. via Single Sign-on (SSO), despite the password lock. We explain the differences between locking passwords, locking and validity of user accounts, and validity of assigned permissions in the following.
After all authorizations are maintained, the role must be saved and generated and a user comparison must be performed. However, this should not be a topic here in the article. This can also be done with the transaction PFUD (see comments to the article "SAP BC: Empty user buffer" :-).
To read or modify data, a user must have both the privilege of performing a specific action and the privilege of accessing the object. The following privileges are distinguished in SAP HANA.
Assigning a role for a limited period of time is done in seconds with "Shortcut for SAP systems" and allows you to quickly continue your go-live.
However, this only applies if no further transaction requires this permission and therefore uses the same permission proposal.
At www.sap-corner.de you will also find a lot of useful information on the subject of SAP authorizations.
To do this, open the SIMGH transaction again, call your structure in Change mode, and paste it under the previously created folder by selecting Action > Insert a Level Lower.