SAP Authorizations Perform upgrade rework for Y landscapes permission proposal values

Direkt zum Seiteninhalt
Perform upgrade rework for Y landscapes permission proposal values
Unclear objectives and lack of definition of own security standards
To define the proposed values for the new transaction, use the transaction SU24_S_TABU_NAM. In the selection mask, you can either enter your new Z transaction, or you can enter the SE16 transaction in the Called TA search box. This will search for all parameter transactions that use the SE16 transaction. In the result list, you will find all parameter transactions that use the SE16 transaction as the calling transaction. The last two columns indicate whether the S_TABU_DIS or S_TABU_NAM authorization objects have suggestion values maintained in the SU24 transaction.

This information is used in the name generation of the external service. In this way, all area start pages and logical links configured in a CRM business role are authorised in the form of external services. Due to the mass of external services that appear in the role menu, it is difficult to keep track of them. Now, to allow only certain external services, you can do the following: First, identify the external service using the permission trace.
What to do when the auditor comes - Part 1: Processes and documentation
Then you create a subroutine with the same name as the User-Exit definition and programme your customised checks (for example, for specific data constellations or permissions). Include the exit definition (UGALI) via the GGB0 transaction. You will need to call this transaction again to read the programmed exit and select it.

You will also notice that many tables have the table permission group &NC& assigned to them, and therefore differentiation over table permission groups over the S_TABU_DIS authorization object would not work at all. Furthermore, you cannot assign permissions to only individual tables in a table permission group using S_TABU_DIS. In such cases, the investigation shall continue: If the permission check on the S_TABU_DIS authorization object fails, the S_TABU_NAM authorization object is checked next. Allows you to explicitly grant access to tables by using the table name.

For the assignment of existing roles, regular authorization workflows require a certain minimum of turnaround time, and not every approver is available at every go-live. With "Shortcut for SAP systems" you have options to assign urgently needed authorizations anyway and to additionally secure your go-live.

A note box in which data of all kinds can be quickly filed and retrieved. This is what Scribble Papers promises. At first, the program looks very spartan. But once a small structure is in place, you realise the great flexibility of this little helper.

You can use the BAdI SMIME_EMAIL of the SMIME extension spot and implement the CERTIFICATE_RETRIEVAL and CERTIFICATE_SELECTION methods according to your requirements.

Next, fill in the transaction SU01 fields with the data from the Active Directory User Set.
SAP Corner
Zurück zum Seiteninhalt