SAP Authorizations Authorization concept - user administration process - SAP Basis

Direkt zum Seiteninhalt
Authorization concept - user administration process
Lock Inactive Users
Depending on the configuration of root data and processes, different permission checks can be relevant, so that it makes sense to adjust the proposed values. If custom applications have been created in the form of Z-transactions, Web-Dynpro applications, or external services, you must maintain suggestion values for these applications to avoid having manual permissions in the PFCG roles. You must ensure that custom applications are not always visible in the SU24 transaction. This is the case for TADIR services and external services. To learn how to make these services available for suggestion maintenance, see Tip 38, "Use the SU22 and SU24 transactions correctly.".

You probably know this. You find a specific customising table and you don't find it. Include the tables in the guide and they are easy to find. Customising is used by almost every SAP customer. Custom customising tables are created and standard programmes are extended. A custom programme that uses customising is written quickly. Project printing often lacks the time for sufficient documentation, for example in the SAP Solution Manager. The easiest way is to find customising tables where they are in the SAP standard: in the SAP Introductory Guide (IMG).
System trace function ST01
In these cases, the total permissions from the RFC_SYSID, RFC_CLIENT, and RFC_USER fields will not be applied. However, you will always see a system message. These constraints cannot be changed by the settings of the customising switch ADD_S_RFCACL in the table PRGN_CUST.

The security audit log is evaluated via the SM20 or SM20N transaction or the RSAU_SELECT_EVENTS report. We recommend using the report as you have more options to personalise the evaluation and to include archived logs of different application servers in the evaluation.

"Shortcut for SAP systems" is a tool that enables the assignment of authorizations even if the IdM system fails.

This approach makes authorization management considerably more efficient, since functional changes do not have a global impact on the entire authorization structure.

Read more about the differences between these two transactions.
SAP BASIS
Zurück zum Seiteninhalt