SAP Authorizations What to do when the auditor comes - Part 1: Processes and documentation

Direkt zum Seiteninhalt
What to do when the auditor comes - Part 1: Processes and documentation
Statistical data of other users
The following sections first describe and classify the individual components of the authorization concept. This is followed by an explanation of which tasks can be automated using the Profile Generator.

The permissions in the NWBC are handled as well as in the normal SAP Easy Access menu. For example, you can assign transactions and Web Dynpro applications to the individual and collection roles in a defined menu structure in the Role menu. The navigation structure of the NWBC reflects the menu structure and settings of the corresponding PFCG role assigned to the user. The folder structure of the Role menu directly affects the navigation bar that is displayed to the user in the NWBC.
Copy values from the Clipboard to the transaction's PFCG permission fields
SAP authorizations are a security-critical and thus an immensely important topic in companies. They are used not only to control the access options of users in the SAP system, but also the external and internal security of company data depends directly on the authorizations set.

You can view the contents of the checked permission fields by double-clicking on the respective variables. The Variables 1 tab displays the variables with the respective values used for this eligibility check. These values correspond to the values that you also see in the System Trace for Permissions. If a permission check ends with SY-SUBRC = 0 when no appropriate permissions are available, verify that the check is turned off locally via the SU24 or globally through the SU25 or AUTH_SWITCH_OBJECTS transactions.

If you get into the situation that authorizations are required that were not considered in the role concept, "Shortcut for SAP systems" allows you to assign the complete authorization for the respective authorization object.

The freeware Scribble Papers is a "note box" in which all kinds of data can be stored. It takes in typed texts as well as graphics and entire documents. The data is then organised in folders and pages.

However, it is difficult for a support worker to understand permissions errors because they have different permissions and are often missing detailed information about the application where the permission error occurred.

The filter setting in transaction SM19 determines which events should be logged.
Zurück zum Seiteninhalt