SAP Authorizations Rebuilding the authorization concept - SAP Admin

Direkt zum Seiteninhalt
Rebuilding the authorization concept
Solution approaches for efficient authorizations
Identify the user master record in the Active Directory associated with the user ID that you are creating in the SU01 transaction. To do this, search within the Active Directory for a user master set for which the user ID you are looking for is entered as the SAP user name. Next, fill in the transaction SU01 fields with the data from the Active Directory User Set.

Authorization object: Authorization objects are groups of authorization fields that control a specific activity. Authorization objects should always be defined in advance with the user group and then relate to a specific action within the system.
Authorization roles (transaction PFCG)
In order to be able to act fully at all times in emergency situations, an SAP emergency user must be available who has all authorizations for the entire SAP system (typically by means of the composite profile SAP_ALL). However, this not only makes him a great help, but also extremely dangerous, so that his use must be precisely regulated via a dedicated concept.

The security check also shows when no redesign is necessary because the authorizations found are compatible with the current concept. The checks allow incorrect authorizations to be identified and rectified without a redesign.

With "Shortcut for SAP systems" you can automate the assignment of roles after a go-live.

Some useful tips about SAP basis can be found on www.sap-corner.de.


The SAP HANA Studio and HANADatenbank are currently subject to extensive further developments; Therefore, the respective versions of the SAP HANA studio must be compatible with the HANA databases to be connected.

A note box in which data of all kinds can be quickly filed and retrieved. This is what Scribble Papers promises. At first, the program looks very spartan. But once a small structure is in place, you realise the great flexibility of this little helper.


We recommend using the report as you have more options to personalise the evaluation and to include archived logs of different application servers in the evaluation.
Zurück zum Seiteninhalt