SAP Authorizations Know why which user has which SAP authorization - SAP Admin

Direkt zum Seiteninhalt
Know why which user has which SAP authorization
Customising User and Permissions Management
The assignment of the SAP_ALL profile is not required for the operation of an SAP system; therefore, a yellow icon will appear for the first check once a user has assigned the profile. For the other six checks on critical base permissions, the yellow icon will be displayed when a client is found on the system and at least one of the following two conditions applies: More than 75 users have the permission checked in this check. More than 10% of all users have the permission checked in this check, but at least 11 users.

Once you have logged in, the permissions associated with your user (via the user account) will be available. Each of your actions leads to the use of runtime versions of the corresponding objects. This also applies to every privilege and role. Runtime versions of rolls are not transportable in SAP HANA. However, in order to achieve a high quality in the development of your applications, you should use a system landscape with development system (DEV), quality assurance system (QAS) and productive system (PRD). To enable you to translate development results to QAD and PRD, SAP HANA Studio provides you with the opportunity to create objects in a (freely definable) Design Time Repository that you can provide and transport via Delivery Units to other systems.
Standard authorisation
To maintain open permission fields in roles, you need information from the Permissions System Trace. But all transferred manually? Not with this new feature! If you have previously created PFCG roles, you must maintain all open permission fields manually. The information on which values can be entered can be read from the Permissions system trace and maintained manually in the PFCG role. However, this can be very complex, because a function that takes these values into the PFCG role has been missing.

Standard permissions required for a functionally fully descriptive role should be maintained accordingly. It is recommended to disable and not delete unneeded permissions, or even entire permission branches. Permissions that have been set to Inactive status are not reinstated as new permissions in the permission tree when they are reshuffled, and those permissions are not included in the profile generation process, and thus are not assigned to a role in the underlying profile.

During go-live, the assignment of necessary authorizations is particularly time-critical. The "Shortcut for SAP systems" application provides functions for this purpose, so that the go-live does not get bogged down because of missing authorizations.

If you want to get more information about SAP basis, visit the website www.sap-corner.de.


You want to create a permission concept for applications that use SAP HANA? Find out what you should consider in terms of technical basics and tools.

To store all the information on the subject of SAP - and others - in a knowledge database, Scribble Papers is suitable.


By correcting SAP Note 1692243, you can now also use the report in a ZBV (Central User Management) environment; It is no longer limited to individual clients.
Zurück zum Seiteninhalt