Rebuilding the authorization concept
Manual authorizations
System Privileges (Database System) permissions: System Privileges are SQL permissions that control administrative actions throughout the database. Such actions include creating a (database) schema (CREATE SCHEMA), creating and modifying roles (ROLE ADMIN), creating and deleting a user (USER ADMIN), or running a database backup (BACKUP ADMIN).
Both solutions offer you the added value of centralised reporting of existing users, newly created users, and role assignments. You can also extend the integrated workflows of both solutions to HANA permission applications. This enables you to use the risk analysis of the SAP Access Control solution also in relation to critical HANA permissions.
Maintain proposed values using trace evaluations
Similarly, SAP Identity Management version 7.2 SP 3 and above supports the installation of HANA users and the assignment of roles. You can also use Identity Management to add value to the business roles for creating a user with role assignment in the ABAP system and HANA database.
By inserting SAP Note 1723881, you resolve the third of these problems by banning the recording of the same role on different transport orders. To enable this change in system behaviour, you must set the CLIENT_SET_FOR_ROLES customising switch to YES in the PRGN_CUST table. This toggles the setting in the SCC4 transaction for changing and recording custom customising objects ("Client modifiability") for role maintenance.
"Shortcut for SAP systems" is a tool that enables the assignment of authorizations even if the IdM system fails.
Therefore, structural authorizations should only be used together with general authorizations.
You can select here whether only SAP standard applications or customer or partner applications should be considered.