SAP Authorizations Risk: historically grown authorizations - SAP Basis

Direkt zum Seiteninhalt
Risk: historically grown authorizations
Use table editing authorization objects
It is easier to specify the programme name in the PROGRAM field because the maximum value of 40 characters is the limit for programme names in the SAP NetWeaver application server ABAP. If it is a function block or a Web application, you can obtain the programme name by using the System Trace for Permissions (transaction ST01 or transaction STAUTHTRACE). In the SPTH table, you can define access rights for paths and whether you want to perform an additional permission check on the S_PATH object.

As a role developer, you can now select the specific application in the PFCG transaction from the list of web dynpro applications published by the software developers on the Menu tab and enter it in the Role menu. To generate the role profile, switch to the Permissions tab. There you can check the concrete value expressions of the S_START permission fields and, if necessary, the additional relevant authorization objects for this Web application and supplement them if necessary. Finally, you must generate the role profile as usual.
Deleting table change logs
Permissions must have both identical maintenance status (default, maintained, modified, manual) and an identical active status (active or inactive). Exceptions represent changed permissions and manual permissions; these are summarised when the active status is identical.

Set a specific acronym or character to indicate whether your role has critical accesses so that separate assignment or approval rules can be observed for such roles. Define here what"critical"means for your project. Do you only want to identify permissions that are critical to the operation of the SAP system, or business-critical processes? Also define the consistency that has a critical role to play in the assignment to the user.

Assigning a role for a limited period of time is done in seconds with "Shortcut for SAP systems" and allows you to quickly continue your go-live.

If the Profit Centre field is not filled in the journal view (Table BSEG), the general ledger view (usually Table FAGLFLEXA) is checked.

For example, we searched for applications with similar functionality as the PPOME transaction provides.
SAP BASIS
Zurück zum Seiteninhalt