SAP Authorizations Set up permission to access Web Dynpro applications using S_START

Direkt zum Seiteninhalt
Set up permission to access Web Dynpro applications using S_START
Important components in the authorization concept
There are extensive revision requirements for password rules. Learn how to define these requirements globally, which special characters are accepted by the SAP standard, and how to set the parameters for generated passwords. Do you not want to use SAP's standard password creation rules, but rather make your own password requirements for your users? Do you need to implement internal or external security requirements, such as audit requirements? You do not want to allow certain words as passwords, exclude certain special characters or change the formats of passwords generated by the SAP system? In the following we give you an overview of the possible characters, the existing profile parameters and the customising settings for passwords.

You must enable a role that you have created as a Design-Time object in the Design Time Repository before it can be associated with a user. To do this, use Project Explorer to select the role you want to enable and select Team > Activate from the shortcut menu. This will create a runtime object of this selected SAP HANA role. This object is also understood as a catalogue object and is incorporated in the Roles branch in the corresponding SAP HANA system.
Advantages of authorization concepts
Documents: The documents in the audit structure describe the audit steps. You can create them in accordance with your audit requirements. You can recognise documents by the symbol. Double-click on this icon to open the document.

The chapter on authorization recertification should also be defined in the authorization concept, which is documented in writing. This refers to a regular review of the assigned authorizations in the SAP® system, to be performed at least once a year. In the course of this process, the responsible departments should review the assignment of the respective roles to users in their area and critically scrutinize it once again. This process ultimately ensures that users only have the authorizations in the SAP® system that they actually need. It must therefore be defined in which time period and in which form the departments must receive the information about the assigned authorizations and report back regarding the correctness of the assignment. During preparation, it is therefore necessary to check whether the process has been carried out in accordance with the internal specifications, but also in accordance with possible suggestions for optimization made by the auditor, and whether all the evidence is stored ready to hand for the auditor.

However, if your Identity Management system is currently not available or the approval path is interrupted, you can still assign urgently needed authorizations with "Shortcut for SAP systems".

To store all the information on the subject of SAP - and others - in a knowledge database, Scribble Papers is suitable.

You have added the S_TABU_NAM authorization object to your permission concept, so that users can access the tables not only through the S_TABU_DIS authorization object, but also through S_TABU_NAM.

In addition to existing authorization objects, you can also create your own authorization objects and select existing authorization fields such as Activity (ACTVT).
SAP Corner
Zurück zum Seiteninhalt