SAP Data Analytics
Authorizations
You can greatly facilitate the maintenance of permissions in controlling by defining the RESPAREA field as the organisational level, and thus using your cost centre and profit centre hierarchies. In the SAP system, you can define cost centre hierarchies and profit centre hierarchies. For example, they can map the expiration organisation or a matrix organisation in your company. To facilitate the mapping of permissions for the controlling reports, you can grant permissions to nodes in those hierarchies. You can do this by assigning permissions through the RESPAREA field, which is used in certain authorization objects in the controlling. We would like to facilitate the creation of roles for these permissions by explaining to you which activities are necessary in advance to define the RESPAREA field as an organisational level.
Permissions are often not restricted because there is often no information about how the object should be shaped. The identification of the required functional components is often considered to be too burdensome and the risks from a lack of limitation are considered to be too low.
Maintain proposed values using trace evaluations
One way of gaining direct access to downstream systems from the development system and possibly performing unauthorized activities there is to use incorrectly configured interfaces. In principle, interfaces within a transport landscape should be avoided with regard to the criticality of the systems "uphill", i.e. from an "unsafe" to a "safe" system (e.g. E system to Q or P system). However, this cannot always be implemented; for example, such interfaces are needed within the transportation system. Without going too deeply into the subject, however, critical interfaces can be characterized by the following properties. Critical interfaces refer to a critical system and a critical client, contain an interface user with critical authorizations in the target client, contain its deposited password.
When defining the development policy, you should ensure that the appropriate attention is paid to access security. Customised programmes or customisations in the SAP Code Inspector ensure that all developers working in the company comply with these guidelines. Verification of compliance with the development directives should be an essential part of quality assurance before the programmes are used productively. The SE38 and SA38 transactions should not be allocated in the productive system and custom programmes should be included in own transaction codes. Permissions are then set up only for these transactions.
Secure your go-live additionally with "Shortcut for SAP systems". You can assign necessary SAP authorizations quickly and easily directly in the system.
There is the possibility to link multiple tables (join), which makes multiple SE16 queries just one SAP query.
The CALL TRANSACTION ABAP command does not cause a transaction startup permission check.