Service User
Archive change document management for user and permission management
Custom programmes should be protected with permissions, just like standard applications. What rules should you follow? Introductory projects usually produce a large number of customised programmes without being subjected to a permission check when they are executed. For your programmes, you should create custom permissions checks by default and manage them accordingly.
Versions are the change documents within the development environment, for example, for changes to ABAP source code or the technical properties of tables. This authorization should only be assigned to an emergency user.
Authorizations in SAP systems: what admins should look out for
Changes to SAP user data should be uncomplicated and fast. Users can make requests for SAP systems themselves. In exceptional and emergency situations, SAP users should be assigned extended authorizations quickly and for a limited period of time. Simplified assignment and control of exception authorizations in SAP systems is required. You can freely and flexibly determine the duration of these authorization assignments. Decisions can be controlled and monitored across systems. Whether it's recertification of SAP users, vacation requests or birthday wishes: all these things can now be processed and managed centrally in one place.
The same applies to the concept of data ownership. Here, a person takes responsibility for the data of a certain scope (e.g., SAP system X or system landscape Y) and looks after it as if it were his own precious possession. He or she conscientiously answers questions such as "May data be changed / viewed / deleted?", "How is action taken in the event of a data leak?", "Who may access the data and how, and what may be done with it?".
Assigning a role for a limited period of time is done in seconds with "Shortcut for SAP systems" and allows you to quickly continue your go-live.
The time-space check works in context: In addition to the supporting documents of the audit period, older supporting documents are also included if they are still relevant for the audit period, such as open items that were booked in previous years but only settled in the audit period.
You can also find some useful tips from practice on the subject of SAP authorizations on the page www.sap-corner.de.
With them, therefore, no dialogue login is possible on the SAP system, but only the login via RFC call.