SAP Authorizations RSUSRAUTH - SAP Corner

Direkt zum Seiteninhalt
Deleting versions
Run the System Trace for Permissions (ST01 or STAUTHTRACE transaction) to record permission checks that you want to include in the role (see Tip 31, "Optimise Trace Evaluation"). Applications are logged through the Launch Permissions checks.

CREATE_EMAIL_CONTENT: The example implementation of this method generates the e-mail content. The user ID, the relevant system and the initial password are listed for each user. When the method is called in the Central User Management (ZBV), all initial passwords associated with the system in which the password was reset are listed. You should adapt the content of the e-mail to your requirements.
User administration (transaction SU01)
Users can activate or deactivate processes without affecting other processes. For example, they can activate Succession & Development without affecting position management in Employee Central. With the help of the tool, users always know for what purpose a particular user has been given a particular permission. Basic authorizations, which are identical for every user, are only stored once in a platform role. This ensures that system performance remains optimal.

In contrast to storing passwords in the form of hash values, the user ID and password are transmitted unencrypted during the login of the client to the application server. The Dynamic Information and Action Gateway (DIAG) protocol is used, which may look somewhat cryptic but does not represent encryption. In addition, there is no cryptographic authentication between the client and the application server. This applies not only to communication between the user interface and the application server, but also to communication between different SAP systems via Remote Function Call (RFC). So, if you want to protect yourself against the access of passwords during the transfer, you have to set up an encryption of this communication yourself.

Authorizations can also be assigned via "Shortcut for SAP systems".

In a new System Trace window, you can specify the evaluation criteria for the trace, such as the user using the Trace field only for users or the time period over which to record.

If you want to know more about SAP authorizations, visit the website

In this case, it may be useful to download the archived revision documents back to a shadow database to make them available for faster review.
SAP Corner
Zurück zum Seiteninhalt