SAP Authorizations Activity level - SAP Basis

Direkt zum Seiteninhalt
Activity level
Deleting table change logs
Call the SIMGH transaction and create your own IMG structure, such as company name Customising. You will then add node outline to this tree. Often it makes sense to break down into SAP components such as finance, controlling and sales. Now add the tree as your favourite to make it easier to find it quickly. Then call the transaction S_IMG_EXTENSION and look for the IMG structure SAP Customising Introduction Guide. This is the default IMG structure in which you must include your structure. To expand, you must specify an extension ID. If there is no extension, you must create an extension ID. Position the cursor under My Favourites on the entry SAP Customising Intro Guide, and then click the Expand Structure button.

With apm Suite, you can put together your individual GRC/SOX-compliant solution for SAP authorizations as needed. This is helpful, for example, to optimally manage SAP roles, for the determination of critical rights, the SAP user application, the auditing of emergency users or the password self service. With apm Suite you will never lose track of your compliance in SAP authorization management.
List of required organisational levels and their value
The AIS cockpit is currently in pilot delivery without SAP default audit structures. Once these are available, they are listed in SAP Note 1856125. Prior to the re-conversion of the AIS to thematic audit structures, the AIS standard roles of the role-based care environment were copied into the customer name space and assigned to the users. You can also use the AIS default roles as a template for custom area menus.

One way of gaining direct access to downstream systems from the development system and possibly performing unauthorized activities there is to use incorrectly configured interfaces. In principle, interfaces within a transport landscape should be avoided with regard to the criticality of the systems "uphill", i.e. from an "unsafe" to a "safe" system (e.g. E system to Q or P system). However, this cannot always be implemented; for example, such interfaces are needed within the transportation system. Without going too deeply into the subject, however, critical interfaces can be characterized by the following properties. Critical interfaces refer to a critical system and a critical client, contain an interface user with critical authorizations in the target client, contain its deposited password.

Authorizations can also be assigned via "Shortcut for SAP systems".

Of course, you can also use the data obtained with the permission trace (with filter for the S_DATASET authorization object) to express permissions on the object itself.

In this case, no value is reported in the Value column in the control centre.
Zurück zum Seiteninhalt