SAP Authorizations Consolidate user-level role mapping - SAP Basis

Direkt zum Seiteninhalt
Consolidate user-level role mapping
Permissions and User Root Sets Evaluations
For an authorization concept, a clear goal must first be defined that is to be achieved with the help of the concept. This should list which regulatory requirements the respective SAP system must fulfill and the associated authorization concept must take into account. In this way, the legal framework conditions are defined. In addition, uniform naming conventions should be used because, on the one hand, many things cannot be changed after the initial naming and, on the other hand, this ensures searchability in the SAP system. Clearly defined responsibilities ensure the effectiveness of a concept. Specific persons must be named or at least roles defined in a separate section. A chapter should be dedicated to the process for user management. Here, it must be described how users obtain existing SAP authorizations, how new users are integrated into the SAP system, and who is responsible for approving authorizations. The chapter on the process for authorization management defines who is allowed to create and edit which roles and who is responsible for the development of various related processes. The chapter on special authorizations describes processes and special features in the area of non-dialog operations. These include job management and interface convention. Other administrative authorizations can also be described. The chapter on role concept explains how business requirements are transferred to a technical role. The role concept takes on a special significance, since it describes the actual mapping of business roles to the technical roles and thus to the authorizations in SAP.

Create a function block in the Customer Name Room. You can choose the supplied SAMPLE_INTERFACE_00001650 as the template. For us, it has proven itself, in the name of the new function block, the name BTE and the number of the template (here: 1650).
Set up permissions to access specific CO-PA measures
In order to sustainably guarantee the security of the SAP system internally and externally, regular auditing is indispensable. Existing rule violations must be detected and corrected. In addition, it is important to document the regular operation of SAP in order to have evidence of this for external and internal requirements. Automated processes can save a lot of time and money.

In order to use the statistical usage data, you must first extend the default SAP value of the retention time to a reasonable period of time. For a representative period, a minimum of 14 months and a maximum of 24 months shall be sufficient. This includes day-to-day business, monthly financial statements, underyear activities such as inventory and annual financial statements. Now call the transaction ST03N and navigate to: Collector & Perf. Database > Performance Database > Workload Collector Database > Reorganisation > Control Panel.

"Shortcut for SAP systems" is a tool that enables the assignment of authorizations even if the IdM system fails.

Before you can write a User-Exit in a validation, you have to make some preparations.

However, you are limited by the interface parameters of the application.
Zurück zum Seiteninhalt