SAP Authorizations Basics SAP Authorizations including Fiori - Online Training - SAP Admin

Basics SAP Authorizations including Fiori - Online Training
Perform Risk Analysis with the Critical Permissions Report
You can also evaluate the application log through transaction SLG1 (object ATAX); the output of report CA_TAXLOG seems more useful here. Finally, some important information: there are individual programs that can be used read-only but also offer options for updating the database. In these cases, additional logic was implemented (e.g., in SAP Note 925217 for program RFUMSV00, used for sales tax pre-reporting). Action log data can be accessed via transaction SLG2 (object ATAX) (see also SAP Note 530733). If you want to customise for the annual permissions directly in the production system (so-called "current setting"), SAP Note 782707 describes how to do this. Basic information about Current Settings is provided in SAP Notes 135028 and 356483. SAP Note 788313 describes in detail the functional components of the time-space test and the additional logging, and also serves as a "cookbook" for customer-specific developments. Tip 47, "Customising User and Permissions Management", describes how to prevent access to the SAP menu and show users only the user menu.

Assignments of combinations of critical authorizations (e.g., posting an invoice and starting a payment run), commonly known as "segregation of duties conflicts," must also be reviewed and, if necessary, discussed with those responsible in the business departments to clarify why they exist in the system. If compensating controls have been implemented for this purpose, it is helpful if the IT department also knows about them so that it can name these controls to the IT auditor. The IT auditor can then pass this information on to his or her auditor colleagues.
Authorization roles (transaction PFCG)
Because at least the developers in the development system have virtually full authorizations, as mentioned above, their access to a specific critical RFC connection cannot be revoked. Since RFC interfaces are defined for the entire system, they can be used from any client of the start system. Existing interfaces can be read from the RFCDES table in the start (development) system.

Access options and authorizations are defined and controlled in the SAP authorization concept. How secure business data is in SAP depends largely on the assignment of authorizations and access options for a company's users.

If you get into the situation that authorizations are required that were not considered in the role concept, "Shortcut for SAP systems" allows you to assign the complete authorization for the respective authorization object.



However, you want to keep your SU24 data and add to the proposed changes for the new release!



This ensures that system performance remains optimal.