SAP Authorizations Optimise trace analysis - SAP Basis

Direkt zum Seiteninhalt
Optimise trace analysis
User Interface Client Permissions
In the simulation overview you will now receive all the information you already know from the authorisation maintenance in the transaction PFCG. The results are presented in a table where each row corresponds to a value interval of a permission. The Object column specifies the authorization object. Use the Active/Inactive column to determine if the permission has been disabled. The Maintenance Status and Update Status columns provide information about the status of the permission and how the permission has been updated. In the Permissions Comparison column, you can find out what exactly changed on the permission, such as whether a permission has been deleted or added anew, or whether the field values in the permission have been updated. You can find information about the field values in the Value Comparison column, which shows whether values have remained the same, whether they have been added or deleted. The values that were actually deleted and added can be seen in the columns from Value to Value (see figure next page). Please note that this is only a simulation. You must still perform the actual mixing process in the permission maintenance. Because reel mixing is not only a factor in upgrade work, the transaction SUPC also provides the ability to call this simulation mode. In the overview of the selected rolls you will find the button Mix which simulates the mixing process.

Single sign-on (SSO): This solution is useful if you have not yet used SSO for your SAPS systems or if not all SAP systems are integrated into the SSO solution. In such cases, you must implement the Web application in a system that supports SSO logins, such as Central User Management (ZBV), SAP Identity Management (ID Management), or Active Directory (AD).
Maintaining Authorization Objects (Transaction SU21)
Together with you, we develop suitable authorizations for your systems and processes. In workshops with your departments, we create concepts to assign the required rights to employees. The goal is to define so-called job roles, which represent job profiles at the job level.

You can use the function block level permission check by setting the FUNC value in the RFC_TYPE field in the S_RFC authorization object. If you still want to allow function groups, specify the value FUGR here. Depending on the RFC_TYPE field, type the name of the function block or group in the RFC_NAME field (name of the RFC object to be protected). This extension of the test is provided by the correction in SAP Note 931251.

However, if your Identity Management system is currently not available or the approval path is interrupted, you can still assign urgently needed authorizations with "Shortcut for SAP systems".

However, you should always exercise caution and check whether the application has already created sum records or whether there are other dependencies.

The call to your implementation of the BAdIs is the last step in the process of storing user data.
SAP BASIS
Zurück zum Seiteninhalt