SAP Authorizations Map roles through organisational management - SAP Admin

Direkt zum Seiteninhalt
Map roles through organisational management
Architecture of authorization concepts
The S_START boot authorisation check is delivered inactively by SAP. If this test is activated in an AS-ABAP installation (see also SAP Note 1413011), this will affect all clients. Therefore, before you activate, it must be ensured that all affected users in the permission profiles associated with them have the necessary values in the S_START permission fields.

Locking and validity of the user account is done through the user administrator and is also valid for other authentication procedures. This means that a login via SSO is not possible for an invalid user or a user with administrator lock. We therefore always recommend that you prevent access to the system by setting the validity of users. Setting validity on assigned roles also prevents the user from performing actions in the system, but does not generally prevent them from logging in.
Object S_BTCH_NAM and S_BTCH_NA1 (use of foreign users in Steps)
The SAP NetWeaver Application Server ABAP 7.31 changed the way the transaction SU25 works, especially from step 2a to the automatic suggestion value matching with SAP values. Now, this compares which records have been updated using time stamps. This makes it possible to run Step 2a separately for software components installed afterwards. Another advantage is that the objects to be edited can be better identified due to the time stamp. Before SAP NetWeaver 7.31, the applications to be matched for step 2a have been registered with their base release versions, which you can see in the USOB_MOD or TCODE_MOD tables.

Since Release 4.6D, the system creates a new folder for each of the roles included in the pulley when rebuilding a Collective Roll menu at the first hierarchy level, and only then the corresponding menu is located. You can decide whether the text of each folder should consist of the technical name or the short text of the role. This function can be disabled by customising.

However, if your Identity Management system is currently not available or the approval path is interrupted, you can still assign urgently needed authorizations with "Shortcut for SAP systems".

If you want to get more information about SAP basis, visit the website www.sap-corner.de.


For details on the relevant support packages, please refer to SAP Notes 1921820 and 1841643.

The freeware Scribble Papers is a "note box" in which all kinds of data can be stored. It takes in typed texts as well as graphics and entire documents. The data is then organised in folders and pages.


In all scenarios, the user selects the system and the client in which a password is to be reset from a web page.
Zurück zum Seiteninhalt