SAP Authorizations Optimization of SAP licenses by analyzing the activities of your SAP users - SAP Admin

Direkt zum Seiteninhalt
Optimization of SAP licenses by analyzing the activities of your SAP users
WHY ACCESS CONTROL
The authorization check for the authorization objects PS_RMPSORG and PS_RMPSOEH runs as follows following a user entry: The system determines the organizational unit to which the user is assigned. Starting from this organizational unit, the system creates a list of all organizational units that are superior to the organizational unit determined in the first step in the hierarchy. The system determines the set (M1) of all organizational objects that are assigned to these organizational units. The system determines the organizational unit to which the object to be processed is assigned (corresponds to the lead organizational unit in the attributes of the object to be processed). Starting from this lead organizational unit, the system creates a list of all organizational units that are superior to the determined organizational unit within the hierarchy. The system determines the set (M2) of all organizational objects assigned to these organizational units. The system forms the intersection (from M1 and M2) of the matching organizational objects of the user and the object to be processed. The system determines the organizational levels that match for the user and the object being processed. Once a matching organizational level is found, the system performs the authorization check for the other fields of the authorization object (e.g., type of object or activity); if the system cannot determine a common organizational level, processing is rejected. If the user is allowed to perform the requested activity, processing is allowed; otherwise, the system rejects processing.

In the FIORI environment, there are basically two different types of access via a tile. One is the transactional tiles and the other is the native or analytical tiles :
Set up permissions to access specific CO-PA measures
An SAP authorization concept is used to map relevant legal standards and internal company regulations to the technical protection options within an SAP system. Authorization concepts are thus the key to optimal protection of your system, both externally and internally.

In such a case the last error is displayed in SU53 or the display is empty. Then you can't avoid analyzing the error message of the transaction. One more tip in the end: Instruct the user to take the screen shot with , this will put the whole active window on the clipboard and you can see which transaction, system and context of the transaction it is. Smaller "SnagIt "s are mostly useless and lead to unnecessary queries.

For the assignment of existing roles, regular authorization workflows require a certain minimum of turnaround time, and not every approver is available at every go-live. With "Shortcut for SAP systems" you have options to assign urgently needed authorizations anyway and to additionally secure your go-live.

The website www.sap-corner.de offers many useful information about SAP basis.


If you have a large SAP system landscape in use, the control of the many different security settings can be complex.

The freeware Scribble Papers puts an end to the confusing paper chaos. The tool is also suitable for storing, structuring and quickly finding text documents and text snippets of all kinds in addition to notes.


In 2020, there were 82,761 cases of computer fraud in Germany.
Zurück zum Seiteninhalt