SAP Authorizations Basics SAP Authorizations including Fiori - Online Training - SAP Admin

Direkt zum Seiteninhalt
Basics SAP Authorizations including Fiori - Online Training
Criticality
If you want to set the table logger check for multiple tables, you should note that the principles for changing Dictionary objects apply, i.e. you will generate increased system loads in running systems. Therefore, you should make both the modification and the transport of the changes outside of business hours. The SAP system only provides customising tables for table logging by default; so you don't have to worry about performance. Tables that serve to customise typically contain relatively little data that is rarely changed. However, you should not turn on table logging for tables that are subject to mass changes, as there may be performance and disk space issues. This applies to tables with root or movement data. After all, if table logging is enabled, a log entry in the DBTABLOG table is generated for each change to the contents of a logged table.

SAP authorizations control the access options of users in an SAP system, for example to personal data. Managing this access securely is essential for every company. This makes authorization concepts, authorization tools and automated protection of the SAP system all the more important.
SAP FICO Authorizations
You must set up a message class for later use. To do this, you will be prompted automatically when the transaction GGB0 is first called. If some relevant fields of the complete document are hidden, i.e. not available, please refer to the instructions in the SAPHinweis 413956. Set up validation in the GGB0 transaction (such as GALILEO) and determine the steps of validation. In the validation process, copy the RGGBR000 programme into your Customer Name Room, replacing the last three characters with the number of the client in which the validation will be performed. Then assign your new customer-owned programme with the GCX2 transaction to the GBLR user exit control workspace. This assignment has created the prerequisite for client-dependent user exits. If you want to set up a client-independent user exit, do the same, but use the transaction GCX1.

If you want to allow users to access only individual table rows, you can use the S_TABU_LIN authorization object, which allows access to specific rows of a table for defined organisational criteria. A prerequisite for this type of permission is that the tables have columns with such organisational values, such as the work, country, accounting area, etc. You must now configure these organisational values in the system as organisational criteria that represent business areas; serve as a bridge between the organisational columns in the tables and the permission field in the authorization object. Since the organisational criteria are found in several tables, this eligibility check need not be bound to specific tables and can be defined across tables.

Secure your go-live additionally with "Shortcut for SAP systems". You can assign necessary SAP authorizations quickly and easily directly in the system.

Understanding the structure and functioning of the system is especially important for IT administration. It is not for nothing that "SAP Basis Administrator" is a separate professional field. On the page www.sap-corner.de you will find useful information on this topic.


This entry only forces a permission check on S_PATH and the ALL permission group; You should, however, only grant such permission very restrictively.

So much information... how can you keep it so that you can find it again when you need it? That's what Scribble Papers is great for.


If ESS/MSS or Manager Desktop etc.
Zurück zum Seiteninhalt