SAP Authorizations Using suggestion values and how to upgrade - SAP Admin

Direkt zum Seiteninhalt
Using suggestion values and how to upgrade
Maintain generated profile names in complex system landscapes
When the FIORI interface is called up, different roles (Fiori groups) are associated with factually related FIORI tiles. As an example, here is the group Master Data in which the FIORI tile "Manage Cost Center" can be found.

In order to be able to act fully at all times in emergency situations, an SAP emergency user must be available who has all authorizations for the entire SAP system (typically by means of the composite profile SAP_ALL). However, this not only makes him a great help, but also extremely dangerous, so that his use must be precisely regulated via a dedicated concept.
Permission implementation
Finally, the check logic provides for a row-level check within a table if you want to restrict access to the table contents depending on an organisational mapping. For example, if you want a user to view only the data from a table that affects the country where their work location is located, you must configure it accordingly. To do this, you define and activate organisation-relevant fields as an organisational criterion (see Tip 62, "Organisationally restrict table editing permissions"). To keep track of which users can access which tables, run the SUSR_TABLES_WITH_AUTH report. This report provides information about which user or single role has the S_TABU_DIS or S_TABU_NAM authorization objects. The result list shows all the authorised tables, their permissions, and their permission values.

Suitable for this responsible task are, for example, department heads or SAP key users who are familiar with all data access options (cross-module, via report, directly to the raw table, etc.) as well as with the organizational and technical protection measures. By signing the data ownership concept, the responsibility should be acknowledged and taken as seriously and bindingly as, for example, the signature under the purchase contract of a house.

Assigning a role for a limited period of time is done in seconds with "Shortcut for SAP systems" and allows you to quickly continue your go-live.

Some useful tips about SAP basis can be found on www.sap-corner.de.


What rules should you follow? Introductory projects usually produce a large number of customised programmes without being subjected to a permission check when they are executed.

The freeware Scribble Papers puts an end to the confusing paper chaos. The tool is also suitable for storing, structuring and quickly finding text documents and text snippets of all kinds in addition to notes.


If you have an older SAP NetWeaver release than 7.00 installed, only two possible values for the customising switch BNAME_RESTRICT are available after the implementation of SAP Note 1731549.
Zurück zum Seiteninhalt