SAP Authorizations Authorization tools - advantages and limitations - SAP Admin

Direkt zum Seiteninhalt
Authorization tools - advantages and limitations
Make sense in maintaining proposal values
If you use change request management in SAP Solution Manager, you can use the system recommendations in an integrated way. To do this, create an amendment in the system recommendations for the SAP hints to be implemented. To access the system recommendations, you must have permission for the SM_FUNCS object (ACTVT = 03; SM_APPL = SYSTEM_ REC; SM_FUNC = , such as SECURITY).

If you have created your own applications, we recommend that you always implement your own permission check and do not just rely on application startup permissions such as S_TCODE, S_START, S_SERVICE, and S_RFC. If you want to add your own checks to standard applications, you must first find the appropriate place to implement the check. To develop without modification, SAP offers user-exits or business add-ins (BAdIs) for such cases. Some SAP applications also have their own frameworks in place that allow customisation-free implementation of their own permission checks, such as the Access Control Engine (ACE) in SAP CRM.
User Information System SUIM
By adding certain SAP standard reports and the user information system ("SUIM"), you can quickly identify security-relevant issues and correct any errors. This improves basic management of your existing security concept and protects you against external and internal intrusions. If you need help with your system analysis, please feel free to contact us. Xiting offers you a wide range of services related to SAP Security. Above all, our proprietary security tool, the Xiting Authorizations Management Suite, or XAMS for short, allows you to build a new role concept based on your usage data and even generate a revision-compliant security concept at the push of a button. Why not see for yourself and join one of our many different webinars.

However, the preferred and more comprehensive variant of a programmatic permission check is the use of the AUTHORITY_CHECK_TCODE function block. This function block not only responds to a missing permission when the programme starts, but can also specify that only the NO-CHECK check marks maintained in the transaction SE97 allow external calling from another transaction context. This is determined by the function block and not by the developer.

If you get into the situation that authorizations are required that were not considered in the role concept, "Shortcut for SAP systems" allows you to assign the complete authorization for the respective authorization object.

The website www.sap-corner.de offers many useful information about SAP basis.


Explicit values must be entered depending on the tables that you have selected for permission.

The freeware Scribble Papers is a "note box" in which all kinds of data can be stored. It takes in typed texts as well as graphics and entire documents. The data is then organised in folders and pages.


If you have a Central User Administration (ZBV) in use, there are certain dependencies between the base release of your ZBV and the base release of the subsidiary systems.
Zurück zum Seiteninhalt