SAP Authorizations Concept for in-house developments - SAP Admin

Direkt zum Seiteninhalt
Concept for in-house developments
Debug ABAP programs with Replace
The SAP standard allows you to evaluate the statistical usage data via a standard function block. The call is made through the transaction SE37. Select here the function block SWNC_GET_WORKLOAD_STATISTIC. The function block is used to write the usage statistics to a temporary table, from which you can extract the data for further use.

If the security advice change affects normal programme flow, you should schedule application tests. If only exceptional treatments are adjusted, you can omit or severely limit the test.
Displaying sensitive data
The SAP authorization concept ensures that no unauthorized access can be made to transactions, programs and services in SAP systems. To call up business objects or execute transactions in the SAP system, a user therefore requires the appropriate authorizations. When called, the application started via a transaction checks whether the authorization exists and whether the user is allowed to perform the selected operation.

You can also remove customer-specific organisational levels and convert them to a simple permission field. The report PFCG_ORGFIELD_DELETE serves for this purpose. It removes the permission field from the USORG table and changes the permission proposal values to that field. Finally, it goes through all the rolls that contain a shape to the field. However, it does not restore the old location of the field, because summarised values will no longer be separated when the field is elevated to the organisational level. Instead, the aggregated values are entered separately in each field. The PFCG_ORGFIELD_DELETE report also provides a value aid that shows only the customer's organisational levels. You can also use this value aid to determine all customer-specific organisational levels.

Assigning a role for a limited period of time is done in seconds with "Shortcut for SAP systems" and allows you to quickly continue your go-live.

Some useful tips about SAP basis can be found on www.sap-corner.de.


In order to be able to act fully at all times in emergency situations, an SAP emergency user must be available who has all authorizations for the entire SAP system (typically by means of the composite profile SAP_ALL).

To store all the information on the subject of SAP - and others - in a knowledge database, Scribble Papers is suitable.


In the development and creation of authorization objects, some functionalities of the SAP hint are extremely helpful, which we present in this tip.
Zurück zum Seiteninhalt