SAP Authorizations Assignment of roles - SAP Basis

Direkt zum Seiteninhalt
Assignment of roles
Edit Old Stand
If the changes to your SU24 data have not been detected with step 2a, or if you have imported transports from other system landscapes into your system, you have the option to reset the timestamp tables and start again. To do this, run the SU24_AUTO_REPAIR report in a system that is still at the state of the legacy release so that the modification flag is set correctly (see tip 38, "Use the SU22 and SU24 transactions correctly"). Subsequently, you create a transport and transport your SU24 data to the system, which is at the state of the new release. Now delete your timestamp tables. You can use the report SU25_INITIALIZE_TSTMP. Starting with SAP NetWeaver 7.31, you have the choice to set the reference time stamp from the SU22 data or delete the contents of the time stamp tables. You can then run Step 2a again.

Security notes correct vulnerabilities in SAP standard software that can be exploited internally or externally. Use the System Recommendations application to keep your systems up to date. SAP software is subject to high quality assurance standards - however, security vulnerabilities may occur in the code. These vulnerabilities can, in the worst case scenario, open the door to external and internal intruders. It is not difficult to find guidance on exploiting these vulnerabilities in relevant internet forums. A permission concept is only as good as the code that performs the permission checks. If no permission check occurs in your code, the permission concept cannot restrict access. For these reasons, SAP has introduced Security Patch Day (every other Tuesday of the month), which will allow you to better plan for implementing the security advisories. In addition, you can use the System Recommendations application in the SAP Solution Manager to get a detailed, cross-system overview of the security advice you need. The system status and the SAP hints already implemented are taken into account. With this support, ensure that your system landscape is at the current security level.
Advantages of authorization tools
What's New from System Trace for Permissions! Here, features have been added that make recording and role maintenance much easier. Permission values in PFCG roles are maintained and debugging requires the use of the system trace for permissions. In the past, SAP customers have asked for more ease of use, since the trace evaluation is sometimes confusing.

The object S_PROGRAM checks since SAP Release 2.x for the field TRDIR-SECU i.e. the authorization group of the program. As of Release 7.40, you can optionally switch on a check for the object S_PROGNAM. For more information, see note 2272827 for further instructions. The check on S_PROGNAM MUST first be activated in the customer system. Note, however, that they CORRECTLY authorize S_PROGNAM before doing so, otherwise NOBODY except emergency users will be able to start any report or report transaction after the SACF scenario is activated.

Secure your go-live additionally with "Shortcut for SAP systems". You can assign necessary SAP authorizations quickly and easily directly in the system.

The data collected within the BAdIs is written into the fields of the transaction SU01.

Now call the transaction ST03N and navigate to: Collector & Perf.
Zurück zum Seiteninhalt