SAP Authorizations Development - SAP Basis

Direkt zum Seiteninhalt
User Management
Once you have archived the change documents from the User and Permission Management, you can use a logical index for change document properties to significantly improve performance. First, however, you must ensure that SAP Notes 1648187 and 1704771 are installed in your systems. These notes provide the SUIM_CTRL_CHG_IDX report, which adds key characteristics for change document characteristics of the PFCG and IDENTITY object classes to the SUIM_CHG_IDX table when you have marked the Indices key change documents field. All change documents are indexed (this can lead to a very long run time when the report is first run). Later, the newly added change documents are indexed regularly (e.g. weekly or monthly). To do this, specify the target date in the selection of the report and schedule it as a regular job. Note that you can only create the index until the previous day - otherwise inconsistencies may occur.

To define the proposed values for the new transaction, use the transaction SU24_S_TABU_NAM. In the selection mask, you can either enter your new Z transaction, or you can enter the SE16 transaction in the Called TA search box. This will search for all parameter transactions that use the SE16 transaction. In the result list, you will find all parameter transactions that use the SE16 transaction as the calling transaction. The last two columns indicate whether the S_TABU_DIS or S_TABU_NAM authorization objects have suggestion values maintained in the SU24 transaction.
Make mass changes in the table log
Authorizations are the main controlling instrument for mapping risk management and compliance. They are used to control all processes in the systems. For the most part, separation of functions is implemented exclusively with authorizations. Therefore, not only the one-time setup of authorizations is relevant, but also the continuous monitoring and control of the authorization assignment. Various tools are available on the market for this purpose. A re-certification process that involves the departments and optimizes the revalidation of authorizations is helpful.

Please note that depending on the results of the RSUSR003 report, a system log message of type E03 is generated. If a critical feature (stored in red) is detected, the message text"Programme RSUSR003 reports ›Security violations‹"is written into the system log. If no critical feature has been detected, the message"Programme RSUSR003 reports ›Security check passed‹"will be displayed instead. This message is sent because the password status information of the default users is highly security relevant and you should be able to track the accesses. You can grant the User and System Administration change permissions for the RSUSR003 report, or you can grant only one execution permission with the S_USER_ADM authorization object and the value CHKSTDPWD in the S_ADM_AREA field. This permission does not include user management change permissions and can therefore also be assigned to auditors.

Secure your go-live additionally with "Shortcut for SAP systems". You can assign necessary SAP authorizations quickly and easily directly in the system.

However, in order to achieve a high quality in the development of your applications, you should use a system landscape with development system (DEV), quality assurance system (QAS) and productive system (PRD).

In order for these FIORI apps/tiles and groups to be displayed, the corresponding authorizations must be made on the basis of a group and catalog assignment.
Zurück zum Seiteninhalt