Analyse and evaluate permissions using SAP Query
Use timestamp in transaction SU25
You should therefore enforce cryptographic authentication and communication encryption by setting up Secure Network Communication (SNC). SNC provides a strong cryptographic authentication mechanism, encrypts data transmission, and preserves the integrity of the transmitted data. For some time now, SNC is freely available without a SSOMechanism (SSO = Single Sign-on) for SAP GUI and the RFC communication of all SAP NetWeaver customers. You should always implement SNC between SAP GUI and application server, as this communication can also run over open networks. For RFC communication, you need an SNC implementation if you think the data transfer could be intercepted.
Today we come to the error analysis with authorizations. The best thing that can happen is the error of the type: "I don't have authorization to do this and that!" (CASE1). Worse is the case that someone has too many permissions, i.e. the type: "User xy should not have this permission anymore" (CASE2). How to proceed? First of all we come to case 1 This case, that someone has no authorization for something, supports the system excellently! The code word is SU53! If a transaction encounters an authorization error, then this error is written to a memory area that can be displayed. For this there is once the transaction SU53 or the menu selection "System/Utilities/Anc authorization check". With this function, the system outputs information showing which authorization objects are missing for the user.
SAP license optimization
The implementation of the time-space validation checks is carried out as an additional time-space filter. For selection criteria outside the valid time period, the message "Not authorised to display data from this time period" appears. However, if the selection criteria are partially within the valid time period, the documents that are outside the time period will be filtered out by the system without the user receiving a notice. In the example shown in the above figure, users of the BP-NRW Verifier Group would be left without comment when calling the vendor list for the period 01.01.2010 to 31.12.2014. This system behaviour can be somewhat irritating.
Different users in your SAP system will have different password rules, password changes, and login restrictions. The new security policy allows you to define these user-specific and client-specific. It happens again and again that there are special requirements for password rules, password changes and login restrictions for different users in your SAP system. There may be different reasons for this.
Authorizations can also be assigned via "Shortcut for SAP systems".
The evaluation is similar to the evaluation of the system trace in the transaction ST01.
Just like the general authorizations in SAP ECC HR, they enable regulated access to data in time-dependent structures.