SAP Authorizations Sustainably protect your data treasures with the right authorization management - SAP Corner

Direkt zum Seiteninhalt
Sustainably protect your data treasures with the right authorization management
Another option is to not assign the SAP_NEW permission to a user. For example, during the tests to be performed, both the development system and the quality assurance system will experience permission errors. These should then be evaluated accordingly and included in the appropriate eligibility roles for the correct handling of the transactions.

Launch the QuickViewer for SAP Query with the SQVI transaction. Create a new query named ZMYSUIM on the entry screen. Enter a description of it and - this is the most important step - specify a table join as the data source. You can now specify your data sources on the following screen. You can select the tables in the menu via Edit > Insert Table (or by pressing the button ). In our case, this would be the AGR_ 1251 table for the Role Permissions Values and the AGR_USERS table for the user assignments in rolls. The system automatically proposes a join of the tables via shared data columns. In our example, this is the name of the role.
Implementing Permissions Concept Requirements
We therefore recommend that you schedule a background job on the PFUD transaction, which performs a regular user comparison (see Trick 17, "Schedule PFUD transaction on a regular basis"). By the way, did you know that the auth/tcodes_not_checked profile parameter enables you to disable the transaction startup permissions for the SU53 and SU56 transactions? To do this, enter the value SU53, SU56, or SU53 SU56 for the profile parameter. This means that the end user no longer needs the permissions to run these transaction codes from the S_TCODE authorization object.

Describing all configuration options would exceed the scope of this tip. If you need explanations about a customising switch that are not listed here, look for the relevant note about the SSM_CID table. All settings described here can be made via the transaction SM30. You must consider that all settings in the SSM_CUST, SSM_COL, and PRGN_CUST tables are client-independent; only the settings of the USR_CUST table depend on the client.

If you get into the situation that authorizations are required that were not considered in the role concept, "Shortcut for SAP systems" allows you to assign the complete authorization for the respective authorization object.

The third line with PATH = /tmp/myfiles defines a permission group with FS_BRGRU = FILE, triggering the subsequent permission check on the S_PATH object.

At you will also find a lot of useful information on the subject of SAP authorizations.

The goal of data analytics is to use existing technology, data processing algorithms and statistical methods to support management in the decision-making process.
SAP Corner
Zurück zum Seiteninhalt