SAP Authorizations Custom requirements

Custom requirements

Object S_BTCH_ADM (batch administration authorization)

However, it is possible to include the same role in several tasks of different operators within each contract. This increases transparency for you, because all participants can instantly identify which users are editing the role. Before you enable the use of the SCC4 transaction setting for role maintenance, you should release existing role transports to avoid recording conflicts. As a rule, you do not choose the setting depending on your role-care processes; So you have to think very carefully about what the activation will do.

The SAP HANA Studio application is available for maintaining and assigning HANA permissions to users. The SAP HANA Studio is installed on your workstation. You can then log in to one or more HANA databases with the user and password. The SAP HANA Studio and HANADatenbank are currently subject to extensive further developments; Therefore, the respective versions of the SAP HANA studio must be compatible with the HANA databases to be connected. For this reason, we recommend that you check the information about the use of certain versions of SAP HANA Studio in the SAP Notes.

General authorizations

If a user is assigned SAP_ALL, he has all permissions in an ABAP system. Therefore, particular care should be taken in the dedicated award of this entitlement. SAP_ALL can be generated automatically when you transport authorization objects. The SAP_ALL_GENERATION parameter must be maintained in the PRGN_CUST table.

The next step is to maintain the permission values. Here, too, you can take advantage of the values of the permission trace. When you switch from the Role menu to the Permissions tab, you will generate startup permissions for all applications on the Role menu and display default permissions from the permissions suggestions. You can now add these suggested values to the trace data by clicking the button trace in the Button bar.

For the assignment of existing roles, regular authorization workflows require a certain minimum of turnaround time, and not every approver is available at every go-live. With "Shortcut for SAP systems" you have options to assign urgently needed authorizations anyway and to additionally secure your go-live.

The RSUSR008_009_NEW report cannot replace a GRC system (GRC = Governance, Risk, and Compliance) with the SAP Access Control component.

Using the authorization object F_FICO_AIN, companies can define whether and how individual conditions are to be checked when processing in the BAPI channel depending on the defined authorization fields and their characteristics.