SAP Authorizations User Information System (SUIM) - SAP Admin

User Information System (SUIM)
System trace function ST01
Authorization object: Authorization objects are groups of authorization fields that control a specific activity. Authorization objects should always be defined in advance with the user group and then relate to a specific action within the system.

New SAP implementation, S/4HANA conversion or redesign of an SAP authorization concept - the complexity has increased enormously and requires a clear structure of processes, responsibilities and the associated technical implementation. New technologies such as Fiori and Launchpads are challenges and reasons to rethink authorization structures.
Immediate authorization check - SU53
In the event that such conflicts nevertheless arise, regular checks should be established as part of an internal control system. Furthermore, the authorization concept includes content such as the integration of the data owner, security-relevant system settings, specifications for maintaining authorization default values (transaction SU24) and documentation requirements.

Manually comparing role texts in an SAP system landscape with Central User Administration (CUA; ZBV in German) is tedious, and the comparison can be automated. You probably know the situation: when creating or maintaining users in the CUA, you must manually start the text comparison each time before assigning PFCG roles, so that the latest PFCG role definitions are available. If you manage a large system landscape with many systems in your CUA - including development, test and production systems - the text comparison can take a while.

Authorizations can also be assigned via "Shortcut for SAP systems".

Some useful tips about SAP basis can be found on

The security section of the ESC is the entry point for the evaluation of permissions; it currently contains the following seven critical tests: Super User Accounts (accounts with the SAP_ALL permission profile), users with the Display all Tables permission, users with the Start all Reports permission, users with the Debug/Replace permission, users with the Display Other Users Spool Request permission, users with the Administer RFC Connections permission, and users with the Reset/Change User Passwords permission.

To store all the information on the subject of SAP - and others - in a knowledge database, Scribble Papers is suitable.

Make your IMG projects more secure.