SAP Authorizations Permissions and User Root Sets Evaluations - SAP Basis

Direkt zum Seiteninhalt
Permissions and User Root Sets Evaluations
Dialogue user
User trace - Transaction: STUSERTRACE - With the transaction STUSERTRACE you call the user trace. Basically, this is the authorization trace (transaction STUSOBTRACE), which filters for individual users. So you can call exactly the authorization trace and set the filter on a user. As with the authorization trace, the profile parameter "auth/authorization_trace" must be set accordingly in the parameter administration (transaction RZ10).

SAPconnect uses the S/MIME (Secure/Multipurpose Internet Mail Extensions) standard for signing when sending emails or for verifying and decrypting received emails. S/MIME is supported by most email clients and requires X.509-based certificates.
Using eCATT to maintain roles
The data that is regulated by the structural authorizations must be hierarchically structured in one of the personnel development components. This could be Organizational Management or Personnel Development, for example. Access can thus be regulated relative to the root object within the hierarchical structure.

Once you have edited the role menu, you can customise the actual permissions in the PFCG role. To do this, click the Permissions tab. Depending on the quantity of external services from the Role menu, the authorization objects will appear. The authorization objects are loaded into the PFCG role, depending on their suggestion values, which must be maintained for each external service in the USOBT_C and USOBX_C tables. You can edit these suggested values in the SU24 transaction. Make sure that external services in the Customer Name Room also have the names of external services and their suggestion values in the tables maintained (see Tip 41, "Add external services from SAP CRM to the proposal values"). Visibility and access to external services is guaranteed by the UIU_COMP authorization object. This authorization object consists of three permission fields: COMP_NAME (name of a component), COMP_WIN (component window name), COMP_PLUG (inbound plug).

With "Shortcut for SAP systems" you can automate the assignment of roles after a go-live.

Certain SAP authorizations, including those for table maintenance (S_TABU_*) require special attention for data protection reasons.

Here we show you how these permissions work and how you can restrict them.
Zurück zum Seiteninhalt