SAP Authorizations Consolidate user-level role mapping

Direkt zum Seiteninhalt
Consolidate user-level role mapping
RSRFCCHK
Which authorization objects are checked (SU22)? When calling a transaction, such as the ME23N, various authorization objects are checked. You can get an overview as follows: Call transaction SU22 (SAP tables) or SU24 (customer tables), enter e.g. "ME23N" in "Transaction code" and execute the transaction. As a result you will see all authorization objects that are checked when calling transaction ME23N.

The permission check for the S_PATH object is performed as described only for files corresponding to a path with a permission group in the SPTH table. In our example, you should grant permission for the S_PATH object with the value FILE in the FS_BRGRU field to access files with the path /tmp/myfiles*. Note that the authorization object only distinguishes two types of access. These two values summarise the access types of the S_DATASET authorization object. The value Modify corresponds to the values Delete, Write, and Write with Filter; the value View corresponds to Read and Read with Filter.
Displaying sensitive data
Delete invalid SU24 Checkmarks: This function deletes all records that contain an unknown value as a check mark. This is either C (Check) or N (Do Not Check).

For an overview of the active values of your security policy, click the Effective button. Note that not only the attributes you have changed are active, but also the suggestion values you have not changed.

However, if your Identity Management system is currently not available or the approval path is interrupted, you can still assign urgently needed authorizations with "Shortcut for SAP systems".

The freeware Scribble Papers puts an end to the confusing paper chaos. The tool is also suitable for storing, structuring and quickly finding text documents and text snippets of all kinds in addition to notes.

In such extensions or your own programmes, you must implement permission checks and may also create your own authorization objects.

Many companies also have the requirement to present the events of the Security Audit Log in other applications.
Zurück zum Seiteninhalt