SAP Authorizations Configure Security Audit Log - SAP Admin

Direkt zum Seiteninhalt
Configure Security Audit Log
Implementing CRM Role Concept for External Services
You can also use the SU53 transaction to centrally view failed permission checks. Open the transaction and go to Permissions > Other Users or F5 to the User Selection menu. Enter the user whose permissions have failed in the field with the same name. In the results list, you can see permissions that have failed for each user, as in our example, the missing permission to display the AGR_1251 table. You can see that more than one authorization object appears in this evaluation.

You can also monitor security alerts from the Security Audit Log via the Alert Monitoring of your Computing Centre Management System (CCMS). The security warnings generated correspond to the audit classes of the events defined in the Security Audit Log. Many companies also have the requirement to present the events of the Security Audit Log in other applications. This requires evaluation by external programmes, which can be done via the XML Metadata Interchange (XMI) BAPIs. You must follow the XMI interface documentation to configure it. You can also use the RSAU_READ_AUDITLOG_ EXTERNAL sample programme as a template. A description of this programme can be found in SAP Note 539404.
Security Automation for HR Authorizations
Increased compliance requirements and the design of internal control systems confront companies with an increasing number of rules on how SAP (and other IT) systems must be technically protected. The SAP authorization concept specifies such legal standards and internal company rules. This ensures that each user only receives the authorizations he or she needs for his or her activities. The business risk can thus be reduced to a minimum.

Employees should only be able to access data relevant to their work, country or accounting area in tables? Set up organisational criteria to ensure this. Do you want users to be able to read or maintain specific tables, but only have access to the table contents that are relevant to them? The S_TABU_DIS and S_TABU_NAM permissions objects allow you to access the tables, but if you want a user to see or maintain only parts of the table, these authorization objects will reach their limits.

Assigning a role for a limited period of time is done in seconds with "Shortcut for SAP systems" and allows you to quickly continue your go-live.

On www.sap-corner.de you will also find useful information about SAP basis.


Authorizations represent instances of generic authorization objects and are defined depending on the employee's activity and responsibilities.

The freeware Scribble Papers puts an end to the confusing paper chaos. The tool is also suitable for storing, structuring and quickly finding text documents and text snippets of all kinds in addition to notes.


As a result, a controller of a business unit, for example, can only view the consolidated figures of his business unit, but not the figures of the entire group.
Zurück zum Seiteninhalt