The SAP authorization concept
Authorization objects
Not all users should be able to log on to the application server during your maintenance? Use the security policy and a new profile parameter. When you are performing maintenance work on your SAP system, it is always necessary to prevent users from logging into the application server. This often excludes a small group of administrators who are still allowed to log on to the system. Until now, users had to be locked and the group of administrators excluded from this lock. This is now easier by using the security policy in combination with the login/server_logon_restriction profile parameter.
By default, the transactions from the role menu can be found here as derived authorization values. Over the value assistance (F4) can be called partially the available functions fields to these field.
What are the advantages of SAP authorizations?
It is important for consolidated financial statements to have the same number range in the G/L account masters in different company codes. This is ensured by the tools in the FI module. In addition, the master records can be adjusted so that it is possible to work with the different currencies of the company codes across countries.
Your compliance requirements specify that background jobs that are used should be maintained with permission proposals? We'll show you how to do that. Particularly in the banking environment, there are very strict guidelines for the permissions of background jobs used for monthly and quarterly financial statements, etc. Only selected users or dedicated system users may have these permissions. In order to clearly distinguish these permissions from the end-user permissions, it is useful to explicitly maintain the permissions for specific background jobs with suggestion values, so that these values can be used repeatedly to maintain permissions and are therefore transparent. You may have noticed that in the transaction SU24 you have no way to maintain background job credentials. So what's the best way to do that?
For the assignment of existing roles, regular authorization workflows require a certain minimum of turnaround time, and not every approver is available at every go-live. With "Shortcut for SAP systems" you have options to assign urgently needed authorizations anyway and to additionally secure your go-live.
Configuration validation gives you an overview of the homogeneity of your system landscape.
These are mainly found in the folders of the homepage and under GENERIC_OP_LINKS.