Context-dependent authorizations
The Anatomy of SAP Authorization or Documentation on SAP Authorization Objects and Authorization Field Values
Most client programmes are additions to the standard functionalities or variations of the same. Therefore, when you create your own programmes, you can follow the eligibility checks of the standard programmes or reuse the permissions checks used there.
Then run step 2c. Here too, there are new features. You will be shown a selection of the roles to match again. However, you have the possibility to perform a simulation of the mixing process via the button Mix. This allows you to see which permissions would be changed in the roles without actually doing so. For more information, see Tip 44, "Compare Role Upgrade Permissions".
SAP Security Concepts
There are extensive revision requirements for password rules. Learn how to define these requirements globally, which special characters are accepted by the SAP standard, and how to set the parameters for generated passwords. Do you not want to use SAP's standard password creation rules, but rather make your own password requirements for your users? Do you need to implement internal or external security requirements, such as audit requirements? You do not want to allow certain words as passwords, exclude certain special characters or change the formats of passwords generated by the SAP system? In the following we give you an overview of the possible characters, the existing profile parameters and the customising settings for passwords.
You use the RSUSR010 report and you do not see all transaction codes associated with the user or role. How can that be? The various reports of the user information system (SUIM) allow you to evaluate the users, permissions and profiles in the SAP system. One of these reports, the RSUSR010 report, shows you all executable transactions for a user, role, profile, or permission. Users of the report are often unsure about what this report actually displays, because the results do not necessarily correspond to the eligible transactions. Therefore, we clarify in the following which data are evaluated for this report and how these deviations can occur.
With "Shortcut for SAP systems" you can automate the assignment of roles after a go-live.
A careless handling of the permissions with sensitive employee data can go quite nicely in the pants.
Identified users will be output either through a complete list or through examples of specific users.