Activity level
Assign SAP_NEW to Test
Similarly, SAP Identity Management version 7.2 SP 3 and above supports the installation of HANA users and the assignment of roles. You can also use Identity Management to add value to the business roles for creating a user with role assignment in the ABAP system and HANA database.
New AP implementation, S/4HANA conversion or redesign of an SAP authorization concept - the complexity has increased enormously and requires a clear structure of processes, responsibilities and the associated technical implementation. New technologies such as Fiori and Launchpads are challenges and reasons to rethink authorization structures.
SAP Security Concepts
SAP's FI module is one of the most common in the SAP world and covers all business processes in the area of finance and accounting. The processes that run through this module are used for double-entry bookkeeping and recording of documents in the required accounts. It also establishes the associated profit determination for external and internal purposes.
With regard to the SAP authorization system, roles and the associated authorization objects, fields and values represent the foundation. Therefore, these check criteria are in the special focus of the authorization analysis of security-relevant characteristics of each authorization administrator. The report RSUSRAUTH is used to display role or authorization data in the respective client. The report analyzes all role data that are anchored in the table AGR_1251. This allows you to quickly find and clean up incorrect and security-critical authorizations not only by selecting the maintenance status of the authorizations, but above all by storing certain authorization objects and controlling them. This ad hoc analysis thus offers you a time-saving method of checking many roles at once according to your own critical characteristics. You can then make full use of this program by importing SAP Note 2069683.
The possibility of assigning authorizations during the go-live can be additionally secured by using "Shortcut for SAP systems".
Select a role and click on the "Users" tab.
The password of a system user always has the status Productive and can only be changed by the user administrator.