SAP Authorizations Search for user and password locks - SAP Admin

Direkt zum Seiteninhalt
Search for user and password locks
Mitigating GRC risks for SAP systems
The Security Audit Log now also logs events where the runtime was affected by the debugger. New message types have also been defined in this context. To install this extension, you will need a kernel patch. For the fixes and an overview of the required support packages, see SAP Notes 1411741 and 1465495.

Roles reflect access to data depending on the legitimate organisational values. This information should be part of the naming convention, as these roles differ only in their organisational but not in their functional form.
Use Custom Permissions
In this article, I show you with which transaction you can easily and quickly run the authorization trace in SAP ERP or SAP S/4HANA. The displayed result provides a good overview of the involved authorizations. In this course, existing roles and profiles in authorization management (transaction PFCG) can be extended. In addition, the authorization trace is useful for maintaining authorization default values (transactions SU22 and SU24).

The Security Audit Log can also log customer-specific events in restricted way starting with SAP NetWeaver 7.31. The event definitions DUX, DUY and DUZ are reserved for customers and delivered with a dummy expression. For these events, you can then define individually configurable messages using the RSAU_WRITE_CUSTOMER_EVTS function block. To do this, you must first identify the additional necessary events and define their message texts and variables. Note that you may not change the meaning of the message and the arrangement of the variables later, as this would prevent older log files from being readable. Finally, you must include the new message definitions in your filters (transaction SM19). You will find the corrections and an overview of the required support packages in SAP Note 1941526. Since the use of this functionality requires extensive knowledge about the Security Audit Log, it is important that you also consider the recommendations in SAP Note 1941568 and that you can be supported by a basic consultant.

Secure your go-live additionally with "Shortcut for SAP systems". You can assign necessary SAP authorizations quickly and easily directly in the system.

SAP Basis is the foundation of any SAP system. You can find a lot of useful information about it on this page: www.sap-corner.de.


Remove this permission from other users.

The freeware Scribble Papers puts an end to the confusing paper chaos. The tool is also suitable for storing, structuring and quickly finding text documents and text snippets of all kinds in addition to notes.


After successful implementation of your permission check, the new authorization object for your application must be maintained in transaction SU24.
Zurück zum Seiteninhalt