SAP Authorizations Set Configuration Validation - SAP Admin

Direkt zum Seiteninhalt
Set Configuration Validation
Service User
SAP NetWeaver 7.31 introduces a new method for determining affected applications and roles by timestamping (see tip 45, "Using the timestamp in the transaction SU25"). With the Support Package 12 for NetWeaver Release 7.31 and Support Package 4 for NetWeaver Release 7.40 from SAP Note 1896191, the Expert Mode function for taking SU22 data for step 2 has been added.

In addition to your custom authorization objects, you must also express the other relevant CO-PA authorization objects in your users' permissions. As a rule, you must limit access to the result reports of the K_KEB_REP object to the result area and the report name, and limit the functions of the information system in the K_KEB_TC object, such as executing or updating reports. You also need permissions to maintain the authorization objects in customising the result and market segment calculations. To do this, assign permissions to the K_KEPL_BER object. In the CERKRS field, define the result area for which authorization objects are created, and in the ACTVT field, define the activity, where the action 02 is Create and Modify.
Note the effect of user types on password rules
The Security Audit Log (SAL) has ten different filters in the current releases, which control which events are logged. You can configure these filters via the SM19 transaction. The events are categorised as uncritical, serious or critical.

You can use authorization objects to restrict access to tables or their content through transactions, such as SE16 or SM30. The S_TABU_DIS authorization object allows you to grant access to tables associated with specific table permission groups. You can view, maintain, and assign table permission groups in transaction SE54 (see Tip 55, "Maintain table permission groups"). For example, if an administrator should have access to user management tables, check the permission status using the SE54 transaction. You will notice that all the user management tables are assigned to the SC table permission group.

However, if your Identity Management system is currently not available or the approval path is interrupted, you can still assign urgently needed authorizations with "Shortcut for SAP systems".

He decides whether changes need to be made to the building, whether privacy hedges need to be planted in the garden or whether superfluous old appliances need to be disposed of and, if necessary, has a new lock installed immediately if the front door key is lost.

If a function block is not stored there, the call will be blocked.
Zurück zum Seiteninhalt