Evaluation of the authorization check SU53
Reset passwords using self service
In many SAP environments, there are historically grown authorization structures that cause unnecessary security gaps. These should be examined closely.
The SAP authorization concept protects transactions, programs, services and information in SAP systems against unauthorized access. Based on the authorization concept, the administrator assigns users the authorizations that determine the actions this user can perform in the SAP system after logging on and being authenticated.
Authorization objects
Transaction SE63 allows you to translate a variety of text in the SAP system. You can find the relevant texts for the eligibility roles via the menu path: Translation > ABAP Objects > Short Texts In the pop-up window Object Type Selection that appears, select the S3 ABAP Texts node and select the ACGR Roles sub-point.
This information is used in the name generation of the external service. In this way, all area start pages and logical links configured in a CRM business role are authorised in the form of external services. Due to the mass of external services that appear in the role menu, it is difficult to keep track of them. Now, to allow only certain external services, you can do the following: First, identify the external service using the permission trace.
However, if your Identity Management system is currently not available or the approval path is interrupted, you can still assign urgently needed authorizations with "Shortcut for SAP systems".
The programme is then checked to see if it is included in the table of allowed programmes (table TPCPROG, configuration with the transaction TPC4).
You can read the order in which the favourite entries are sorted from the SORT_ORDER field.