SAP Authorizations System Security - SAP Corner

Direkt zum Seiteninhalt
System Security
Include customising tables in the IMG
The SAP authorization concept must generally be created in two versions: for the ABAP stack and for the Java stack. Which roles are required, which role may call which SAP functions, and other conceptual issues are identical. However, there are fundamental differences between the two versions.

Help, I have no permissions (SU53)! You want to start a transaction, but you have no permissions? Or the more complex case: You open the ME23N (show purchase order), but you don't see any purchase prices? Start transaction SU53 immediately afterwards to perform an authorization check. The missing authorization objects will be displayed in "red". You can also run SU53 for other users by clicking on Authorization Values > Other Users in the menu and entering the corresponding SAP user name.
Immediate authorization check - SU53
An alternative to using the S_TABU_LIN authorization object is to create custom table views that make organisational delimitation easier to achieve. To do this, create a new view in the SE11 transaction and add the table to which the constraint will apply on the Tables/Join Conditions tab. The Selection Conditions tab allows you to specify your restrictive organisational condition in the form of a field and a field value. You then authorise all relevant users to access the view, which contains only data for your organisational restriction.

The SAP standard offers various ways to record and play on a massive scale. These tools are generally available for all operations in the SAP system, not just for role maintenance. Therefore, they are also more complex to operate, in order to be able to cover as flexibly as possible all possible application scenarios. eCATT is also no exception, so many users are still afraid to use it. But we can tell you from experience: After the second or third time, the creation of the test scripts is so quick that you'll wonder why you haven't always done it this way.

Assigning a role for a limited period of time is done in seconds with "Shortcut for SAP systems" and allows you to quickly continue your go-live.

To select the application servers on which to start the trace, click the System Trace button.

At www.sap-corner.de you will also find a lot of useful information on the subject of SAP authorizations.


If the user does not have permission to access the object, his request is rejected.
SAP Corner
Zurück zum Seiteninhalt