SAP Authorizations Security within the development system - SAP Admin

Direkt zum Seiteninhalt
Security within the development system
Preventing sprawl with the workload monitor
Access to personal data in a company is a sensitive issue. It is essential to manage this access securely and to be able to provide information at any time about who has access to the data, when and in what way - and not just for the sake of the auditor. For this reason, the topic of SAP authorizations is a very important one, especially for the HR department.

Today we come to the error analysis with authorizations. The best thing that can happen is the error of the type: "I don't have authorization to do this and that!" (CASE1). Worse is the case that someone has too many permissions, i.e. the type: "User xy should not have this permission anymore" (CASE2). How to proceed? First of all we come to case 1 This case, that someone has no authorization for something, supports the system excellently! The code word is SU53! If a transaction encounters an authorization error, then this error is written to a memory area that can be displayed. For this there is once the transaction SU53 or the menu selection "System/Utilities/Anc authorization check". With this function, the system outputs information showing which authorization objects are missing for the user.
Use table editing authorization objects
In our example, the end user logs on to an SCM system, but can also call ERP transactions from here. To have these ERP transactions available in SAP SCM, create a new PFCGE role in SAP SCM, e.g. ZS:XXXX:ERP_MENU. The ERP transactions that the user should have access to are added to the roles menu by selecting Apply Menus > From Other Role > Destination System. Now select the appropriate ERP system and then select the appropriate PFCG role from SAP ERP. You do not need a profile for this "menu role" because this role only includes the ERP menu. You can now sort the transactions in the Hierarchy pane by using drag and drop or by using the arrow keys as you need them in the NWBC.

However, if a company does not have a concept for introducing new SAP authorizations and these are always coupled with new roles, the roles and authorizations will continue to grow. New modules, new processes and new user groups very quickly lead to many authorization groups, numerous authorization roles and complex documentation - even assuming the ideal case that companies have used Excel, for example, for all previous implementations and enhancements and have kept the documentation up to date. What is the purpose of a role? Which user has which authorization? Due to the amount of roles and authorizations, it quickly becomes confusing for users. System performance also suffers as the amount of data increases.

The possibility of assigning authorizations during the go-live can be additionally secured by using "Shortcut for SAP systems".

SAP Basis refers to the administration of SAP system that includes activities like installation and configuration, load balancing, and performance of SAP applications running on Java stack and SAP ABAP. This includes the maintenance of different services related to database, operating system, application and web servers in SAP system landscape and stopping and starting the system. Here you can find some useful information about SAP Basis: www.sap-corner.de.


If necessary, run this report in the old lease, but in any case before importing the new proposal values.

The freeware Scribble Papers is a "note box" in which all kinds of data can be stored. It takes in typed texts as well as graphics and entire documents. The data is then organised in folders and pages.


We now want to describe the necessary settings in the sending application using the example of encrypted sending of initial passwords.
Zurück zum Seiteninhalt