Transports
User administration (transaction SU01)
An SAP authorization concept is used to map relevant legal standards and internal company regulations to the technical protection options within an SAP system. Authorization concepts are thus the key to optimal protection of your system, both externally and internally.
When you start a report with the ABAP statement SUBMIT REPORT, the system checks the authorization object S_PROGRAM, provided that the program has been assigned to a program authorization group in transaction SE38. If this assignment is not sufficient for your system environment, you can define your own group assignment with the report RSCSAUTH. You must check this assignment after installing Support Packages or upgrades and reassign the reports if necessary.
Assignment of critical authorizations and handling of critical users
In addition to SAP standard software, do you also use custom ABAP programmes? Learn how the SAP Code Vulnerability Analyser can scan your customer code for potential security vulnerabilities and resolve them if necessary. Permission concepts, firewalls, anti-virus and encryption programmes alone are not enough to protect your IT infrastructure and IT systems against internal and external attacks and misuse. Some of the risks are identified by potential security vulnerabilities in the ABAP code, most of which cannot be addressed by downstream measures and therefore need to be addressed in the code itself. It should also be noted that the permission concepts used can be circumvented by ABAP code, which underlines the weight of security vulnerabilities in the ABAP code. While SAP is responsible for providing security information to help close security vulnerabilities in standard code, it is up to you to address security vulnerabilities in custom ABAP programmes. Companies are subject to a whole range of legal requirements on data protection and data integrity, and you can fulfil them as far as possible with the help of a new tool. The SAP Code Vulnerability Analyser is integrated into the ABAP Test Cockpit (ATC) and thus available in all ABAP editors such as SE80, SE38, SE24, etc. Developers can use it to scan their code for vulnerabilities during programming and before releasing their tasks. This reduces testing costs and costs.
To define table permissions in the PFCG transaction, it is not necessarily sufficient to specify the generic table display tools, such as the SE16 or SM30 transactions, in the role menu. The proposed values for these transactions are very general and only provide for the use of the S_TABU_DIS or S_TABU_CLI authorization objects. Explicit values must be entered depending on the tables that you have selected for permission. To explicitly grant access to the tables through the S_TABU_NAM authorization object, you can create a parameter transaction for each table access. For example, a parameter transaction allows you to call tables through the SE16 transaction without having to specify the table name in the selection screen because it is skipped. You can then maintain suggestion values for the parameter transaction you created.
Assigning a role for a limited period of time is done in seconds with "Shortcut for SAP systems" and allows you to quickly continue your go-live.
Help, I have no permissions (SU53)! You want to start a transaction, but you have no permissions? Or the more complex case: You open the ME23N (show purchase order), but you don't see any purchase prices? Start transaction SU53 immediately afterwards to perform an authorization check.
Again the object CP is not known.