SAP Authorizations In-house role maintenance - SAP Admin

Direkt zum Seiteninhalt
In-house role maintenance
Check and refresh the permission buffer
Since SAP NetWeaver 7.02, such a feature is available, which means that you can access the data from the system trace to maintain PFCG roles. In the following we show you how you can apply the permission values from the permission trace to your role. To do this, you must first record applications against their permission checks and then add them to your role menu.

Before you start and define critical permissions, you should identify your core business processes or functions and then map the conflicting processes in meaningful combinations as so-called risk. The RSUSR008_009_NEW report cannot replace a GRC system (GRC = Governance, Risk, and Compliance) with the SAP Access Control component. Rather, this report should be understood and used as an indicator of the current system state. The report identifies the users that have the critical permission combinations defined in the USKRIA table. The identifier, which can also be called a risk ID, describes a combination of authorization objects with field names and field values. These are linked to one of the two operatives AND or OR available.
Custom Permissions
Once the programme implementation and documentation have been completed, a functional test will always follow. A corresponding eligibility test should not be forgotten. The permission test must include both a positive and a negative permission test.

To access business objects or execute SAP transactions, a user needs appropriate authorizations, since business objects or transactions are protected by authorization objects with multiple authorization fields. Authorizations represent instances of generic authorization objects and are defined depending on the employee's activity and responsibilities. The authorizations are combined in an authorization profile (Generated profile), which is assigned to a role. User administrators then assign the appropriate roles (single role or composite role) via the user master record so that the user can use the appropriate transactions for his or her tasks.

"Shortcut for SAP systems" is a tool that enables the assignment of authorizations even if the IdM system fails.

SAP Basis is the foundation of any SAP system. You can find a lot of useful information about it on this page: www.sap-corner.de.


Due to the mass of external services that appear in the role menu, it is difficult to keep track of them.

So much information... how can you keep it so that you can find it again when you need it? Scribble Papers is a "note box" that makes this very easy.


Once you have completed the activities that you need permission checks, i.e. you have finished the trace, you will return to your application in the transaction SU24 and stop the trace by switching off the button trace.
Zurück zum Seiteninhalt