SAP Authorizations Optimise trace analysis - SAP Basis

Direkt zum Seiteninhalt
Optimise trace analysis
Security Automation for SAP Security Checks
In everyday role maintenance, you often have to change the permission data of a single role again after you have already recorded the role in a transport order along with the generated permission profiles. In this case, you have previously had to create a new transport order because the table keys of the generated profiles and permissions are also recorded for each individual role record, but are not adjusted for subsequent changes in the role data.

User master record - Used to log on to the SAP system and grants restricted access to SAP system functions and objects via the authorization profiles specified in the role. The user master record contains all information about the corresponding user, including authorizations. Changes only take effect the next time the user logs on to the system. Users already logged on at the time of the change are not affected by the changes.
Adjust tax audit read permissions for each fiscal year
Customising the organisational criteria is cross-client. Activation of the organisational criteria depends on the client. If you want to use these permissions in different clients, you must activate the respective organisational criteria for the respective client. Now you can use the organisational criterion in your PFCG role. To do this, enter the S_TABU_LIN authorization object with the organisational criterion you created. Assign the respective attributes with the organisational values for which the user should be entitled. Along with the individual values, you can specify intervals for your organisational criterion so that you can assign permissions to users for multiple organisational values.

After these preparations, we now proceed to the expression of the User-Exit in the validation that has just been created. To do this, you copy the User-Exit definition in the created custom programme, specify a name for the User-Exit definition (e.g. UGALI) and create a new text element.

If you get into the situation that authorizations are required that were not considered in the role concept, "Shortcut for SAP systems" allows you to assign the complete authorization for the respective authorization object.

This does not mean, of course, that there are not very good partner products for the care of roles.

In the Table Rights Group overview, click the New Entries button to create a new table permissions group.
SAP BASIS
Zurück zum Seiteninhalt