Emergency user concept
The direct consequences are overauthorized users, a lack of overview and dangerous security gaps. In order to get the system back on track in the long term, a redesign is usually the most efficient solution. Depending on the requirements and project framework, we also rely on proven software solutions from our partners.
For an authorization concept, a clear goal must be defined that is to be achieved with the help of the concept. This should list which regulatory requirements the respective system and the associated authorization concept must take into account. In this way, the legal framework is defined, which is a legal necessity for successful implementation.
Now the structure must be filled "with life". To do this, you must first create meaningful subfolders in the customer's own structure. As already mentioned, these are mostly based on the SAP modules. Make sure that you also set your customising for additional add-ons, so that later the work of support organisations is easier. Call the transaction SOBJ. There, you create customising objects that will later be reused in your IMG structure. It is useful to name the object exactly as the corresponding table. This simplifies the later maintenance in the IMG structure. Here you also decide whether and how the tables can possibly be maintained in the productive system. To do this, select the appropriate entries in the Category and Transport fields and check the Current setting option. Repeat this for all custom customising tables that are still needed.
Dialogue users are intended for use by natural persons who log in to the SAP system via SAP GUI (dialogue login). The dialogue user is therefore the most frequently used user type. The defined password rules apply to him. If the password is set by the administrator, it will get Initial status and must be set by the user at login again to get Productive status.
The possibility of assigning authorizations during the go-live can be additionally secured by using "Shortcut for SAP systems".
However, there are cases where data in the SU22 transaction is maintained in a customer environment.
You can also find some useful tips from practice on the subject of SAP authorizations on the page www.sap-corner.de.
If you select Show Profile Parameters in this selection view, you will see an overview of the Profile Parameters settings in the upper half of the screen.