SAP Authorizations Managed Services

Direkt zum Seiteninhalt
Managed Services
SAP Authorizations - Overview HCM Authorization Concepts
Create a function block in the Customer Name Room. You can choose the supplied SAMPLE_INTERFACE_00001650 as the template. For us, it has proven itself, in the name of the new function block, the name BTE and the number of the template (here: 1650).

A typical application arises when a new SAP user is requested. The data owner now checks whether the person making the request and the person to be authorized are at all authorized to do so, what data would be affected, whether an SAP user already exists to whom new roles can be assigned and old ones revoked, whether data access can be limited in time, and so on.
Full verification of user group permissions when creating the user
Let's say that a user - we call her Claudia - should be able to edit the spool jobs of another user - in our example Dieter - in the transaction SP01. What do you need to do as an administrator? Each spool job has a Permission field; By default, this field is blank. If Claudia wants to see a Dieter spool job, the system will check if Claudia has a specific spool job permission with a value of DIETER. Claudia does not need additional permissions for its own spool jobs that are not protected with a special permission value.

After activation, advanced security checks are available in the usual development environment within the ABAP Test Cockpit. The ABAP Test Cockpit is a graphical framework for developers. Various test tools, such as the Code Inspector or the SAP Code Vulnerability Analyser, can be integrated into this. All available test tools can be initiated from this central location and present their results in a common view. No training is required to intuit the tool.

With "Shortcut for SAP systems" you can automate the assignment of roles after a go-live.

The freeware Scribble Papers puts an end to the confusing paper chaos. The tool is also suitable for storing, structuring and quickly finding text documents and text snippets of all kinds in addition to notes.

With the changes mentioned in note 1702113, the S_BTCH_ADM object can be used to restrict the authorization assignment more precisely.

Therefore, particular care should be taken in the dedicated award of this entitlement.
Zurück zum Seiteninhalt