Audit Information System Cockpit
Retain the values of the permission trace to the role menu
An SAP authorization concept is used to map relevant legal standards and internal company regulations to the technical protection options within an SAP system. Authorization concepts are thus the key to optimal protection of your system, both externally and internally.
Wildgrowth of characters used in user IDs can have negative effects. Set a bar on it by limiting the character set in the first place. In the SAP system, depending on the release of the SAP_BASIS software component, you can create users whose names may contain "alternative" spaces. In Unicode systems, there are different spaces, which are represented by different hexadecimal values. The usual space has a hexadecimal value of 20, but there are alternative spaces (wide spaces), which can be recognised, for example, as double width or not at all as character spacing. You can use these alternate spaces when entering the user ID by pressing the Alt key. For example, the key combination (Alt) + 0160 can create a space with a non-breaking space. You can also create a user whose ID consists only of alternate spaces. Users with such IDs will write all change documents, but the IDs can still cause confusion if, for example, they are not recognisable as a user ID or if it appears that no user is displayed for the change document. In addition, certain special characters may cause problems in other applications (e.g. in transport management). Therefore, we will show you how to prevent such problems by limiting the character set.
Analyse and evaluate permissions using SAP Query
Another important authorization object for background processing is the object S_BTCH_NAM, which allows a user to run the steps of a job under another user (see SM36 -> Edit step). Here, a name other than the user's own can be entered in the user field of a step. The prerequisite is that the job scheduler has an authorization for the object S_BTCH_NAM, which contains the name of the step user, and that the step user exists in the same client as the job scheduler itself. From 4.6C: The step user must be of type Dialog, Service, System or Communication.
Are you using the result and market segment statements and need permission checks for combinations of characteristics and key figures not included in the standard? To do this, create specific authorization objects. You can define key figures and result objects (groups of characteristics) for the planning and information system in the result and market segment calculation (CO-PA). You may also want to control permissions by using these characteristics or key numbers. This cannot be reflected with the default authorization objects. Therefore, create authorization objects in the customising of the result invoice.
If you get into the situation that authorizations are required that were not considered in the role concept, "Shortcut for SAP systems" allows you to assign the complete authorization for the respective authorization object.
Just follow the guidelines below.
Alternatively, you can let the user inherit the user type of a reference user or classify it via an associated role.