SAP Authorizations PROGRAM START IN BATCH - SAP Basis

Direkt zum Seiteninhalt
PROGRAM START IN BATCH
FAQ
We are often asked how permissions are properly assigned to schedule background jobs and manage those jobs. Just follow the guidelines below. Whenever you want programmes to run periodically at specific times without user interaction, or when their runtime should not interfere with normal dialogue operations, schedule them as batch jobs in the background. The scheduling and editing of batch jobs is regulated by permissions, which are often not clear about their use. We therefore explain to you what permissions are necessary for and which authorization objects are important.

A troublesome scenario you're probably familiar with: You will soon be going live with a new business process and must now derive your roles in 97 accounting circles. Here eCATT can make your life easier. It's time again: If you don't have anyone in your department who likes to press the Copy button for several hours in the PFCG transaction, replace the Derive shortcut, and then customise the Organisation Levels (Origen) in the new roles on the Permissions tab (repeatedly connected to memory), the job will hang on you. Because there is hardly anything more boring, at the latest after one hour the first errors creep in. Whenever you have to roll out new roles, for example for your new premium business, to all your divisions, plants, etc. , the creation of the derived roles is tedious - because SAP does not offer smart mass maintenance. The SAP standard offers various ways to record and play on a massive scale. These tools are generally available for all operations in the SAP system, not just for role maintenance. Therefore, they are also more complex to operate, in order to be able to cover as flexibly as possible all possible application scenarios. eCATT is also no exception, so many users are still afraid to use it. But we can tell you from experience: After the second or third time, the creation of the test scripts is so quick that you'll wonder why you haven't always done it this way.
Installing and executing ABAP source code via RFC
Authorization tools are a great help in designing a highly automated compliance management system that precisely fits the company's own requirements. The introduction of authorization tools takes some time, but should nevertheless be tackled by companies in order to increase efficiency in the long term and save costs at the same time.

Many tools that offer to simplify care operations of the transaction PFCG work Excel-based. The complete roll data is stored and processed in Excel. Then the Excel file is uploaded with a special programme and generates roles and role changes. While this all looks very comfortable (and probably is at first), it has its drawbacks in the long run.

Authorizations can also be assigned via "Shortcut for SAP systems".

There are no general definitions of risk; Therefore, each company should define the compliance requirements for itself.

In principle, user login to the application server can then be restricted by setting the new login/server_logon_restriction profile parameter.
SAP BASIS
Zurück zum Seiteninhalt