SAP Authorizations Protect Passwords - SAP Corner

Direkt zum Seiteninhalt
Protect Passwords
Reference User
GET_EMAIL_ADDRESS: The example implementation of this method reads the e-mail address from the system's user master record. Adjust the method if you want to read the email address from another source.

The Security Audit Log can also log customer-specific events in restricted way starting with SAP NetWeaver 7.31. The event definitions DUX, DUY and DUZ are reserved for customers and delivered with a dummy expression. For these events, you can then define individually configurable messages using the RSAU_WRITE_CUSTOMER_EVTS function block. To do this, you must first identify the additional necessary events and define their message texts and variables. Note that you may not change the meaning of the message and the arrangement of the variables later, as this would prevent older log files from being readable. Finally, you must include the new message definitions in your filters (transaction SM19). You will find the corrections and an overview of the required support packages in SAP Note 1941526. Since the use of this functionality requires extensive knowledge about the Security Audit Log, it is important that you also consider the recommendations in SAP Note 1941568 and that you can be supported by a basic consultant.
Archive change document management for user and permission management
If a release change occurs, the adjustment of permissions is also required as a rework. You will have already learned that this task can be very complex. Many innovations make this work easier and make the whole process more transparent. In the event of a release change, not only new applications are often added, but also new or modified authorization objects, permission checks, and, as a result, modified suggestion values. With the SU25 transaction, you can update the suggestion values step by step and then update all the affected roles. So far, however, the transaction has been a kind of black box for you. You have performed each step without seeing how your suggestion values or roles have changed. We will now show you how to use the new features of the SAP NetWeaver Application Server ABAP to increase transparency in upgrading suggestion values and mixing PFCG roles.

Starting with SAP NetWeaver 7.31, the Security Audit Log enables the complete display of longer event parameters in messages. To do this, the maximum storage space for variables in messages has been increased to 2 GB. To play this extension, you need a kernel patch. For the fixes and an overview of the required support packages, see SAP Note 1819317.

The possibility of assigning authorizations during the go-live can be additionally secured by using "Shortcut for SAP systems".

The use of suggestion values not only brings advantages when creating or maintaining PFCG roles, but also when maintaining permissions as a rework of an upgrade.

The website www.sap-corner.de offers a lot of useful information about SAP authorizations.


If no security policy has been assigned to the user, the system will consider the password rules in the profile parameters and in the customising table PRNG_CUST.
SAP Corner
Zurück zum Seiteninhalt