SAP Authorizations Permissions checks - SAP Basis

Direkt zum Seiteninhalt
Permissions checks
Assign SAP_NEW to Test
Secure management of access options in the SAP system is essential for any company. This makes it all the more important to analyze and improve the authorizations assigned. This step serves as optimal preparation for your S/4 HANA migration. Managed Services supports central and efficient administration to ensure an optimal overview. In order to sustainably improve your processes, a database provides information on possible optimizations for SAP licenses.

On the other hand one can call the system trace over the transaction ST01. Here it is possible to set individual filters for the checks. In addition, you can switch off the trade via the "Trace off" button or the F8 key and switch the trace back on via the "Trace on" button that is then displayed or the F7 key. If you click on the button "Evaluation" or the F2 key, you can display the evaluation.
System Users
Compiling and identifying external services in the role menu of CRM business roles is tricky. We show you how to bring order to external services. In SAP Customer Relationship Management (SAP CRM), the role concept is based not only on PFCG roles, but also on CRM business roles. These roles are created in customising and enable the presentation of CRM applications in the SAP CRM Web Client. In order for a user to work in SAP CRM, he needs both CRM business roles that define the user interface and the respective PFCG roles that entitle him to work in the applications. The CRMD_UI_ROLE_PREPARE report identifies and lists all external services defined in the customising of the CRM business role. These are displayed in the role menu of the PFCG role. You will notice, however, that the displayed services represent only a small part of the external services in the role menu.

You can do without taking obsolete profile data into account by adding the correction from SAP Note 1819126 and then setting the REC_OBSOLETE_AUTHS customising switch to NO in the table PRGN_CUST. This correction is also important because it fixes runtime problems when releasing role transports, resulting from the correction in SAP Note 1614407. As a general rule, you should always run bulk transport sharing in the background.

Authorizations can also be assigned via "Shortcut for SAP systems".

Here we show you a section of the table with our example role Z_SE63.

The electronic control check can be performed in Germany on three types of access: Immediate access: The tax authority shall have the right to inspect the stored data (read-only access) and to use the taxpayer's hardware and software to verify the data, including the master data and links.
SAP BASIS
Zurück zum Seiteninhalt