SAP Authorizations Reset passwords using self service - SAP Admin

Direkt zum Seiteninhalt
Reset passwords using self service
Architecture of authorization concepts
Because certain types of permissions, such as analysis permissions, for SAP BW, or structural permissions in SAP ERP HCM are not based on SAP permission profiles, these permissions are not displayed or refreshed in the permission buffer. To analyse such eligibility issues, you must therefore use the appropriate tools, such as the HRAUTH transaction for SAP ERP HCM or the RSECADMIN transaction for SAP BW. The same applies to the Organisation Management buffer if you use indirect role mapping. Run the RHWFINDEXRESET report to reset the Organisation Management buffer. A prerequisite for the user buffer to be up-to-date is the correct user matching (green instead of yellow statusabilds on the Users tab).

The proposed values in the SU24 transaction are an imperative for the maintenance of PFCG roles, as these values are used when creating PFCG roles. The better these values are maintained, the less effort is required to maintain the PFCG roles (see figure next page). You may ask yourself in which cases it makes sense to adjust the proposed values, since they have such a large impact on the maintenance of roles.
Correct settings of the essential parameters
In the SU22 transaction, the developers of an application maintain the proposed values for all required authorization objects; the authorisation trace helps in this. As described in SAP Note 543164, the dynamic profile parameter auth/authorisation_trace of the trace is set to Y (active) or F (active with filter). By inserting the SAP Notes 1854561 or the relevant support package from SAP Note 1847663, it is possible to define a filter for this trace via the STUSOBTRACE transaction, which you can restrict by the type of application, authorization objects, or user criteria.

The first step is to create an IMG project. You can create a new project or edit an existing project to create a customising role. To do this, call the SPRO_ADMI project management entry transaction. If a suitable project is not available, you can view the list of SAP customising activities. To do this, click the SAP Reference-IMG button or create a new project. To do this, select the Create Project button ( ) or the (F5) button. A new window will open, where you enter the project name. Note that you have a maximum of ten characters for the name. Once you have confirmed your input, a new screen will open. The General Data tab allows you to specify users, project managers, project times, and the language for the information texts.

Secure your go-live additionally with "Shortcut for SAP systems". You can assign necessary SAP authorizations quickly and easily directly in the system.

On you will also find useful information about SAP basis.

Therefore, if a permission error occurs, permission administrators must first check which application server the user is logged on to with the permission issue and then start the trace on that application server.

A note box in which data of all kinds can be quickly filed and retrieved. This is what Scribble Papers promises. At first, the program looks very spartan. But once a small structure is in place, you realise the great flexibility of this little helper.

This is what enables users to work with the SAP system in the first place, but it can, under certain circumstances, unintentionally add up to conflicts over the separation of functions or even legally critical authorizations.
Zurück zum Seiteninhalt