SAP Authorizations Protect Passwords - SAP Basis

Direkt zum Seiteninhalt
Protect Passwords
User administration (transaction SU01)
In contrast to storing passwords in the form of hash values, the user ID and password are transmitted unencrypted during the login of the client to the application server. The Dynamic Information and Action Gateway (DIAG) protocol is used, which may look somewhat cryptic but does not represent encryption. In addition, there is no cryptographic authentication between the client and the application server. This applies not only to communication between the user interface and the application server, but also to communication between different SAP systems via Remote Function Call (RFC). So, if you want to protect yourself against the access of passwords during the transfer, you have to set up an encryption of this communication yourself.

Permissions must have both identical maintenance status (default, maintained, modified, manual) and an identical active status (active or inactive). Exceptions represent changed permissions and manual permissions; these are summarised when the active status is identical.
Controlling file access permissions
Are you sure that your compliance is always ensured when using your SAP system? Would you like to make SAP authorization assignment clearer and reduce the manual workload? Our SAP add-on apm creates simplified processes and thus more transparency in your existing SAP authorization management. Reduce administrative effort and ensure clarity in your compliance solution.

How is it possible to jump from one transaction to another without checking the eligibility for the target transaction? With the CALL TRANSACTION statement! In this tip, we will explain how you can grant permissions for jumps from one transaction to another using the ABAP CALL TRANSACTION command, or actively determine which checks to perform. The CALL TRANSACTION statement does not automatically check the user's permission to perform the invoked transaction. If no verification takes place in the invoked programme, it must be installed in the calling programme by adding additional features for the eligibility check.

The possibility of assigning authorizations during the go-live can be additionally secured by using "Shortcut for SAP systems".

Once a permission concept has been created, the implementation in the system begins.

Now the new suggested values for this external service are loaded.
SAP BASIS
Zurück zum Seiteninhalt