Authorization concept
User and authorization management
Setting the confidentiality or encryption markers in the SEND_EMAIL_FOR_USER method affects the display of the e-mail in Business Communication Services Administration (transaction SCOT). If the email is marked as confidential, it can only be viewed by the sender or the creator of the email. The sender and the creator need not necessarily be identical, for example, if you have entered the system as the sender. The e-mail creator is the one who ran the application in the context of which the e-mail was created. The encryption flag also automatically sets the confidentiality of the email. The e-mail is not stored in the system in encrypted form, but is protected against unauthorised access by the confidentiality flag. However, access by the sender or creator is still possible. You should also note that the subject of the email is not encrypted.
Many companies are currently converting their current SAP systems from an ERP state to an SAP S/4HANA system. Through this conversion, many technical and also organizational components come upon the respective companies. The time factor for determining, organizing and implementing the necessary components should not be underestimated. The area of security is often neglected in thought, but can lead to major problems and possibly image-related damage - and resulting financial losses - in retrospect. For this reason, the implementation of a comprehensive authorization concept should be considered as early as possible in the project phase, as several components are intertwined here.
Customise Permissions After Upgrade
SAP authorizations are not exclusively an operational issue - they are also essential for risk management and compliance and represent one of the key audit topics for internal auditing and auditors. In most cases, the different rules according to which the risks of SAP authorizations are assessed are problematic.
Let's say that a user - we call her Claudia - should be able to edit the spool jobs of another user - in our example Dieter - in the transaction SP01. What do you need to do as an administrator? Each spool job has a Permission field; By default, this field is blank. If Claudia wants to see a Dieter spool job, the system will check if Claudia has a specific spool job permission with a value of DIETER. Claudia does not need additional permissions for its own spool jobs that are not protected with a special permission value.
However, if your Identity Management system is currently not available or the approval path is interrupted, you can still assign urgently needed authorizations with "Shortcut for SAP systems".
So much information... how can you keep it so that you can find it again when you need it? Scribble Papers is a "note box" that makes this very easy.
As already mentioned, it is assumed that no production-related data is kept in the development system, so the data listed below is considered to be the most sensitive.
Also continue with other authorization objects.