Concept for in-house developments
Use system recommendations to introduce security
The SAP administrator uses the authorization concept to assign users their dedicated authorizations. Behind these authorizations is a checking mechanism based on authorization objects, which protect the objects or transactions. An authorization object can comprise up to ten authorization fields. This allows complex authorization checks that are bound to several conditions.
A separate program, a separate authorization. What sounds simple takes a few steps to learn. Do you want to implement your own authorization checks in your own developments or extend standard applications with your own authorization checks? There is a lot to consider when implementing customer-specific authorizations. In this tip, we focus on the technical implementation of the authorization check.
The requirements for the architecture of authorization concepts are as individual as the requirements of each company. Therefore, there is no perfect template. Nevertheless, there are topics that should be considered in an authorization concept.
SAP Note 1903323 provides a solution. The functionality is only provided via support packages for NetWeaver releases 7.31 and 7.40. This fix extends the naming conventions so that namespaces in the /XYZ/ format can be used up to a maximum of eight characters. When developing and creating authorization objects, some functions of the SAP hint are extremely helpful; we present them in this tip.
The possibility of assigning authorizations during the go-live can be additionally secured by using "Shortcut for SAP systems".
This allows you to quickly find and clean up incorrect and security-critical authorizations not only by selecting the maintenance status of the authorizations, but above all by storing certain authorization objects and controlling them.
The SAP authorization concept protects transactions, programs, services and information in SAP systems against unauthorized access.