SAP Authorizations Goal of an authorization concept

Direkt zum Seiteninhalt
Goal of an authorization concept
Integrate S_TABU_NAM into a Permission Concept
You want to maintain suggestion values for existing applications, but are you tired of the time-consuming manual maintenance? There's a new way! Maintenance of proposed values can vary greatly depending on company specifications or security guidelines. Depending on the requirements, the suggested values provided by SAP may be sufficient or need to be supplemented.

New AP implementation, S/4HANA conversion or redesign of an SAP authorization concept - the complexity has increased enormously and requires a clear structure of processes, responsibilities and the associated technical implementation. New technologies such as Fiori and Launchpads are challenges and reasons to rethink authorization structures.
With the help of the SAP-Note 1642106 it is possible to automatically perform the text comparison from SAP NetWeaver AS ABAP 7.0. Inserting the note will automatically perform text matching for any changes to PFCG roles in the central system. We recommend that you install the support package that is appropriate for your release, which is specified in the SAP Note, because inserting the hint requires a lot of manual work. With the help of the SUSR_ZBV_GET_RECEIVER_PROFILES report, you can turn on the new functionality in all subsidiary systems where the correction information has also been recorded. If you run the report in the central system with the default selection, all subsidiary systems are included. You can check whether the function is present in the daughter systems in the report log.

The valid programmes or transactions are stored in the SAP TPCPROGS delivery table, but do not follow a uniform naming convention. Part of the transaction code (e.g. AW01N), part of the report name (e.g. RFEPOS00), or the logical database (e.g. SAPDBADA) is relevant here. Logical databases (e.g. SAPDBADA, SAPDBBRF) are basic data selection programmes and are particularly used in financial accounting. The permission checks, including the time period delimitation, are implemented in the logical database and work for all reports based on a logical database (e.g. the RAGITT00 grid is based on SAPDBADA and the RFBILA00 balance sheet report is based on SAPDBSDF). When you copy the values from the TPCPROGS table, the TPC4 transaction is quickly configured.

"Shortcut for SAP systems" is a tool that enables the assignment of authorizations even if the IdM system fails.

So much information... how can you keep it so that you can find it again when you need it? That's what Scribble Papers is great for.

Sometimes, new transaction codes replace old transaction codes.

You may ask yourself in which cases it makes sense to adjust the proposed values, since they have such a large impact on the maintenance of roles.
SAP Corner
Zurück zum Seiteninhalt