SAP Authorizations Managed Services - SAP Basis

Direkt zum Seiteninhalt
Managed Services
Set password parameters and valid password characters
Manual authorization profile - To minimize the editing effort when using manual authorization profiles, you usually do not enter individual authorizations in the user master record, but authorizations combined into authorization profiles. Changes to access rights take effect for all users whose user master record contains the profile the next time they log on to the system. Users who have already logged on are therefore not initially affected by changes.

In most cases, customizing is performed using transaction SPRO. However, this is only the initial transaction for a very comprehensive tree structure of further maintenance transactions. Most customizing activities, however, consist of indirect or direct maintenance of tables. Therefore, a random check of the authorization structure in this environment can be reduced to table authorizations. In the case of delimited responsibilities within customizing (e.g. FI, MM, SD, etc.), attention should therefore be paid here to an appropriate delimitation within the table authorizations. Independent of assigned transaction authorizations within customizing, a full authorization on table level combined with a table maintenance transaction such as SM30 practically corresponds to a full authorization in customizing. Normal customizing by user departments generally refers to client-specific tables. Access to system tables should therefore be restricted to basic administration if possible.
Essential authorizations and parameters in the SAP® environment
It is important that after the AUTHORITY-CHECK OBJECT command is called, the return code in SY-SUBRC is checked. This must be set to 0; only then a jump is allowed.

In the only method of the BAdIs, CHANGE_ITEMS, programme the necessary checks, such as on specific data constellations or permissions. These can refer to all fields in the FAGLPOSX structure. You do this by specifying that all lines for which the test was not successful will be deleted during the execution of the method. This implementation of the BAdIs complements the Business Transaction Event 1650 described in the second example. You can also use the FB03 transaction to display receipts in the same way that you implement the FB03 filter. In this case, implement the required checks in the BAdI FI_AUTHORITY_ITEM.

If you get into the situation that authorizations are required that were not considered in the role concept, "Shortcut for SAP systems" allows you to assign the complete authorization for the respective authorization object.

You have read that it is possible to perform mass activities, such as mass roll-offs, using standard means.

The first call does not display the newly created project.
SAP BASIS
Zurück zum Seiteninhalt