SAP Authorizations Challenges in authorization management - SAP Admin

Direkt zum Seiteninhalt
Challenges in authorization management
Read the old state and match with the new data
Confidential information from your SAP system can also be sent by email. Make sure that this data is only transmitted encrypted. Your SAP system contains a lot of data, which is often confidential. This can be business-critical or personal data or even passwords. It happens again and again that such data must also be sent by e-mail. Therefore, make sure that this information is always encrypted and signed if necessary. Encryption is intended to ensure the confidentiality of the data, i.e. that only the recipient of the e-mail should be able to read it. The digital signature serves the integrity of the data; the sender of an e-mail can be verified. We present the configuration steps required for encryption and provide examples of how to encrypt the sending of initial passwords. There are two ways to encrypt and sign emails in the SAP system: via SAPconnect, via a secure third-party email proxy.

Once you have edited the role menu, you can customise the actual permissions in the PFCG role. To do this, click the Permissions tab. Depending on the quantity of external services from the Role menu, the authorization objects will appear. The authorization objects are loaded into the PFCG role, depending on their suggestion values, which must be maintained for each external service in the USOBT_C and USOBX_C tables. You can edit these suggested values in the SU24 transaction. Make sure that external services in the Customer Name Room also have the names of external services and their suggestion values in the tables maintained (see Tip 41, "Add external services from SAP CRM to the proposal values"). Visibility and access to external services is guaranteed by the UIU_COMP authorization object. This authorization object consists of three permission fields: COMP_NAME (name of a component), COMP_WIN (component window name), COMP_PLUG (inbound plug).
Maintain proposed values using trace evaluations
If the programme determines that both of the criteria set out in the previous bullet points are met, the criterion of equality shall apply. This means that the proposed values of the permission that is already in place and to be added will come from the same transaction. Thus, the programme does not add a new default permission to the permission tree.

You can use the Security Audit Log to control security-related events. Learn how to configure it to monitor the operations that are relevant to you. You want to use the Security Audit Log to monitor certain security-related operations or particularly well-authorised users in the SAP system. For example, you can log failed RFC calls system-wide, delete users, or log all activities of the default user, DDIC. For these loggers you need different recording filters and, if necessary, the possibility to select generic clients or users. Therefore, we will show you the settings you can make when configuring the Security Audit Log.

Authorizations can also be assigned via "Shortcut for SAP systems".

SAP Basis is the foundation of any SAP system. You can find a lot of useful information about it on this page: www.sap-corner.de.


For result and market segment accounting, you can define planning authorization objects, the information system, and item-based reports of the information system.

The freeware Scribble Papers is a "note box" in which all kinds of data can be stored. It takes in typed texts as well as graphics and entire documents. The data is then organised in folders and pages.


In the selection screen of the report that appears, you can select the multiple selection to the User field by clicking the arrow button and insert the users from your selection by pressing the button (upload from clipboard).
Zurück zum Seiteninhalt