SAP Authorizations Check current situation - SAP Admin

Direkt zum Seiteninhalt
Check current situation
What to do when the auditor comes - Part 2: Authorizations and parameters
If you no longer need old audit results, you can archive or delete them with the transaction SAIS via the button (Administration of the Audit Environment). The audit results shall be selected on the basis of the audit structures, the test numbers or the entry date (see figure next page).

With regard to the SAP authorization system, roles and the associated authorization objects, fields and values represent the foundation. Therefore, these check criteria are in the special focus of the authorization analysis of security-relevant characteristics of each authorization administrator. The report RSUSRAUTH is used to display role or authorization data in the respective client. The report analyzes all role data that are anchored in the table AGR_1251. This allows you to quickly find and clean up incorrect and security-critical authorizations not only by selecting the maintenance status of the authorizations, but above all by storing certain authorization objects and controlling them. This ad hoc analysis thus offers you a time-saving method of checking many roles at once according to your own critical characteristics. You can then make full use of this program by importing SAP Note 2069683.
View system modifiability settings
Depending on your SAP NetWeaver release status, you must include SAP Note 1731549 or a support package. After that, it is no longer possible to create new users whose names consist only of variants of spaces or non-visible special characters. Changes to existing users are still possible. The customising switch BNAME_RESTRICT, also included in SAP Note 1731549, allows you to control whether you want to allow alternate spaces at certain locations of the user ID.

You can use the previously created organisational matrix to either mass create new role derivations (role derivation) or mass update role derivations (derived role organisational values update). For both scenarios, there are separate Web-Dynpro applications, in which you must select the corresponding reference roles.

If you get into the situation that authorizations are required that were not considered in the role concept, "Shortcut for SAP systems" allows you to assign the complete authorization for the respective authorization object.

On www.sap-corner.de you will also find useful information about SAP basis.


This makes maintenance and servicing very time-consuming and your authorization concept becomes opaque, which in turn brings the much-quoted auditor onto the scene.

To store all the information on the subject of SAP - and others - in a knowledge database, Scribble Papers is suitable.


Single Role: Enables the automatic generation of an authorization profile.
Zurück zum Seiteninhalt