SAP Authorizations Optimization of SAP licenses by analyzing the activities of your SAP users - SAP Admin

Direkt zum Seiteninhalt
Optimization of SAP licenses by analyzing the activities of your SAP users
Starting Web Dynpro ABAP applications
After successful implementation of your permission check, the new authorization object for your application must be maintained in transaction SU24. If your solution is distributed in other system landscapes, the authorisation proposals in the transaction SU22 are maintained. In addition, with the permission proposal value maintenance, you can make sure that the new authorization object is not forgotten in a role system, because it is now loaded automatically into the PFCG role when the application is called up via the role menu. In the final step, the permission administrator can create the PFCG role or must remix the existing PFCG roles.

Now the SAP system is basically able to encrypt emails. However, the system still lacks the recipient's public key. You can manage the required public key information in the Trust Manager's address book. You can find the address book in the Transaction STRUST menu under Certificate > Address Book. Here you can import individual certificates by selecting the corresponding certificate in Certificate > Import Certificate. To get the certificates for all relevant users in this address book via a mass import, use the example programme Z_IMPORT_CERTIFICATES appended in SAP Note 1750161 as a template for a custom programme.
Note the maintenance status of permissions in roles and their impact
Your system has inactive users? This is not only a security risk, as they often use an initial password, but also creates unnecessary licence costs. There will always be inactive users in your SAP system. There may be several reasons for this. For example, they may be management level users that are virtually unused because they are not using the ERP system. It could also be that employees no longer use their SAP user due to a change of position or that outsiders do not work on the SAP system for a while. In any case, you should ensure that these inactive users are either blocked or invalidated. Up to now, you had to select all inactive users with the help of the RSUSR200 report and then manually transfer them into the SU10 transaction to perform the blocking. You can now do this automatically.

Step 2d (Show Modified Transaction Codes) lists all roles that have been found to use an old transaction code. Sometimes, new transaction codes replace old transaction codes. In this step you have the option to exchange the transaction codes. Once you have completed the upgrade of the Eligibility proposal values, you will be given the option in Step 3 (Transport of the Customer Tables). Transport your permissions suggestions in your system landscape.

During go-live, the assignment of necessary authorizations is particularly time-critical. The "Shortcut for SAP systems" application provides functions for this purpose, so that the go-live does not get bogged down because of missing authorizations.

SAP Basis is the foundation of any SAP system. You can find a lot of useful information about it on this page: www.sap-corner.de.


We recommend that you run the SU24_AUTO_REPAIR correction report regularly.

The freeware Scribble Papers is a "note box" in which all kinds of data can be stored. It takes in typed texts as well as graphics and entire documents. The data is then organised in folders and pages.


Action log data can be accessed via the transaction SLG2 (Object: ATAX) (see also SAP Note 530733).
Zurück zum Seiteninhalt