Authorizations in SAP BW, HANA and BW/4HANA
Managed Services
You should not grant large permissions for the SCC4 and SE06 transactions to internal and external auditors, just so that they can see the system modifiability. We present the report, which only requires the permissions a auditor usually has to view the system modifiability. There are several people who want to view the system modifiability settings in your system for specific reasons. These can be internal auditors, auditors or developers. The display of these settings, e.g. via the SCC4 or SE06 transactions, is not in itself critical; However, this has previously required permissions that are not usually assigned to the group of people just described. Since SAP NetWeaver 7.0, there is also a report that shows the system modifiability settings. This report requires only viewing permissions that can be assigned to the above-described group without any concerns. We present the application of this report and the required permissions here.
A troublesome scenario you're probably familiar with: You will soon be going live with a new business process and must now derive your roles in 97 accounting circles. Here eCATT can make your life easier. It's time again: If you don't have anyone in your department who likes to press the Copy button for several hours in the PFCG transaction, replace the Derive shortcut, and then customise the Organisation Levels (Origen) in the new roles on the Permissions tab (repeatedly connected to memory), the job will hang on you. Because there is hardly anything more boring, at the latest after one hour the first errors creep in. Whenever you have to roll out new roles, for example for your new premium business, to all your divisions, plants, etc. , the creation of the derived roles is tedious - because SAP does not offer smart mass maintenance.
Set up permission to access Web Dynpro applications using S_START
This solution is only available via a support package starting with SAP NetWeaver AS ABAP 731 and requires a kernel patch. For details on the relevant support packages, see SAP Note 1891583. In principle, user login to the application server can then be restricted by setting the new login/server_logon_restriction profile parameter.
You can assign a Table or Care View to a table through the SE11 transaction or SE54 transaction. This mapping is defined as a customising setting and therefore remains in place after a release change. You can assign a table to a table permission group by using the SE11 transaction by selecting your table in the start image and pressing the Display button.
During go-live, the assignment of necessary authorizations is particularly time-critical. The "Shortcut for SAP systems" application provides functions for this purpose, so that the go-live does not get bogged down because of missing authorizations.
The care dialogue is called as a building block and provides different tabs for input depending on the authorization object.
This serves to protect your entire IT system landscape and should be carried out periodically.