SAP Authorizations Concept for in-house developments

Direkt zum Seiteninhalt
Concept for in-house developments
Define security policy for users
This solution is only available with a support package starting with SAP NetWeaver AS ABAP 7.31 and requires a kernel patch. For details on the relevant support packages, see SAP Note 1750161. In addition, the SAP Cryptographic Library must be installed; but this is ensured by the required kernel patch. Only if you have manually made a different configuration, you must check this requirement.

Roles reflect access to data depending on the legitimate organisational values. This information should be part of the naming convention, as these roles differ only in their organisational but not in their functional form.
Use the authorisation route to identify proposed values for customer developments
You are using the SAP_ALL profile for interface users, and after upgrading to a new Support Package, do you get permission errors? While we cannot recommend using the SAP_ALL profile, we describe how you can resolve this problem in the short term. In newer SAP NetWeaver releases, the SAP_ALL profile no longer contains permissions for the S_RFCACL authorization object. This can lead to permission errors, such as for interface users who have the SAP_ALL profile assigned to them. Please note that we can only recommend using the SAP_ALL profile for absolute emergency users. Therefore, instead of applying this tip, you should preferably clear the permissions of your interface users. To learn how to do this, see Tip 27, "Define S_RFC permissions using usage data." However, such a cleanup of the privileges of your interface users cannot happen overnight. Therefore, we will explain how to resolve the issue in the short term.

You can influence the default behaviour of various transactions and parameters with the customising switches for the maintenance of Session Manager and Profile Generator as well as the user and permission management. The SSM_CID table gives you an overview of all customising switches supplied by SAP, specifying the relevant tables SSM_CUST, SSM_COL, PRGN_CUST and USR_CUST. The short description of the customising switch refers to the relevant and current SAP references. The actual settings can be found in the SSM_CUST, PRGN_CUST and USR_CUST tables.

With "Shortcut for SAP systems" you can automate the assignment of roles after a go-live.

So much information... how can you keep it so that you can find it again when you need it? That's what Scribble Papers is great for.

You will now get a list of applications that you need to match.

To do this, you must first perform the user master synchronisation.
SAP Corner
Zurück zum Seiteninhalt