SAP Authorizations Introduction & Best Practices - SAP Admin

Direkt zum Seiteninhalt
Introduction & Best Practices
Emergency user concept
In 2020, there were 82,761 cases of computer fraud in Germany. Five years earlier, the number of cases was significantly lower - 23,562 cases - and have steadily increased from then on. The smaller the group of people with access, the smaller the risk of data falling into the wrong hands. Efficient and well thought-out authorization management plays a key role in minimizing risk and is a good way of protecting against unauthorized access, data misuse and industrial espionage. Without a coherent, well thought-out concept, the regulation of accesses and authorizations for the users or key users of an SAP system is a serious security vulnerability.

It is important for consolidated financial statements to have the same number range in the G/L account masters in different company codes. This is ensured by the tools in the FI module. In addition, the master records can be adjusted so that it is possible to work with the different currencies of the company codes across countries.
Object S_BTCH_ADM (batch administration authorization)
In general, we recommend you to use strong encryption mechanisms and to switch most users to an SSO login. You should then delete the hash values of the user passwords as described above. For release-dependent information on SNC client encryption, see SAP Note 1643878.

In compliance with the minimum principle and the separation of functions, the roles used must be defined, along with specifications for their naming, structure and use. Close attention should also be paid to the application and allocation process in order to prevent authorization conflicts, which arise primarily as a result of employees' changing or expanding areas of responsibility.

Secure your go-live additionally with "Shortcut for SAP systems". You can assign necessary SAP authorizations quickly and easily directly in the system.

The website www.sap-corner.de offers many useful information about SAP basis.


Roles can be cut so that, for example, they only have display or change permissions.

The freeware Scribble Papers puts an end to the confusing paper chaos. The tool is also suitable for storing, structuring and quickly finding text documents and text snippets of all kinds in addition to notes.


Unsuccessful permission checks are now written to a ring buffer of the application server's Shared Memories.
Zurück zum Seiteninhalt