Immediate authorization check - SU53
Essential authorizations and parameters in the SAP® environment
Roles can be cut so that, for example, they only have display or change permissions. Furthermore, it could be differentiated between customising, master data and movement data maintenance.
Similarly, SAP Identity Management version 7.2 SP 3 and above supports the installation of HANA users and the assignment of roles. You can also use Identity Management to add value to the business roles for creating a user with role assignment in the ABAP system and HANA database.
Maintain authorization objects more easily
The security check also shows when no redesign is necessary because the authorizations found are compatible with the current concept. The checks allow incorrect authorizations to be identified and rectified without a redesign.
A careless handling of the permissions with sensitive employee data can go quite nicely in the pants. Prevent uncontrolled and extensive reporting access to your HCM data by properly using the P_ABAP authorization object. In many companies, the correct use of P_ABAP is not known. As a result, there are often false expressions that, in the worst case, allow uncontrolled reporting access to all data in the logical database PNPCE (or PNP). This way, you can again erase your access restrictions, which were previously painstakingly defined in a permission concept. Therefore, it is necessary to test the use of P_ABAP in individual cases and to use the existing limitations. In the following we describe the logic behind this authorization object and what it is important to avoid.
The possibility of assigning authorizations during the go-live can be additionally secured by using "Shortcut for SAP systems".
The freeware Scribble Papers puts an end to the confusing paper chaos. The tool is also suitable for storing, structuring and quickly finding text documents and text snippets of all kinds in addition to notes.
Entry into role maintenance requires the transport permission (S_USER_AGR, ACTVT = 02) in addition to the modification permission (S_USER_AGR, ACTVT = 21).
Authorization field: Authorization fields are the basic elements of an authorization object.