SAP Authorizations Our services in the area of SAP authorizations - SAP Admin

Direkt zum Seiteninhalt
Our services in the area of SAP authorizations
Detect critical base permissions that should not be in application roles
To do this, first define what information should be checked. In the SU20 transaction, verify that the required fields may already exist as permission fields. If you want to check custom fields, you must create your own permission fields in the transaction SU20. Please pay particular attention to the (F4) help provided. When defining customised permission fields, you assign a name in the Field Name field that is in your Customer Name Room and assign the corresponding data element and, if desired, a table name for a value help. The next step is to create your own authorization object and assign your permission fields and, if necessary, default permission fields. If you use the ACTVT field to validate the activity, you must use the Activities allowed button to select the activities that you want to validate from the source code of your programme. For recommendations on the naming conventions for authorization objects, see SAP Note 395083.

I show how SAP authorizations can be assessed and monitored by using the Three Lines of Defense model. This method can be applied even if the model is not used for all enterprise risks. You will learn how to integrate the different stakeholders into the lines of defense and harmonize the knowledge for the process. Also, what tools can be used for controls and cleanups in each case. This ensures, for example, that managers are able to assess the risks and derive measures, and that administrators can technically clean up the risks.
SAP S/4HANA: Analysis and simple adjustment of your authorizations
With more than 28 users, the simple Copy & Paste in the user selection no longer works. However, this does not mean that you have to care for all users individually! It is common for you to make mass changes to users in the SAP system, such as changing role assignments, locking a group of users, or having to adjust their validity dates. Unfortunately, there is no button in the start image of the transaction SU10 that allows users to be pasted from the clipboard. While Copy & Paste allows you to insert users from the clipboard, this feature is limited to the visible area. Therefore, it is not possible to add a list of more than 28 users, which can be very difficult for long lists.

If a user is assigned SAP_ALL, he has all permissions in an ABAP system. Therefore, particular care should be taken in the dedicated award of this entitlement. SAP_ALL can be generated automatically when you transport authorization objects. The SAP_ALL_GENERATION parameter must be maintained in the PRGN_CUST table.

"Shortcut for SAP systems" is a tool that enables the assignment of authorizations even if the IdM system fails.

If you want to get more information about SAP basis, visit the website www.sap-corner.de.


In this part, the concentration is on a deeper level, namely directly in the SAP® system.

So much information... how can you keep it so that you can find it again when you need it? That's what Scribble Papers is great for.


The information in this transaction comes from the TCDCOUPLES table and is included.
Zurück zum Seiteninhalt