SAP Authorizations System trace function ST01 - SAP Basis

Direkt zum Seiteninhalt
System trace function ST01
Identify Executable Transaction Codes
For the configuration, you must first enable encryption and, if necessary, signing in the SAPConnect administration. To do this, go to Settings > Outgoing Messages > Settings on the Signing & Encryption tab of the SCOT transaction. Note that the activation only enables the encryption or signature of emails; whether this is actually done always controls the sending application.

You can view the contents of the checked permission fields by double-clicking on the respective variables. The Variables 1 tab displays the variables with the respective values used for this eligibility check. These values correspond to the values that you also see in the System Trace for Permissions. If a permission check ends with SY-SUBRC = 0 when no appropriate permissions are available, verify that the check is turned off locally via the SU24 or globally through the SU25 or AUTH_SWITCH_OBJECTS transactions.
Controlling file access permissions
Then run step 2c. Here too, there are new features. You will be shown a selection of the roles to match again. However, you have the possibility to perform a simulation of the mixing process via the button Mix. This allows you to see which permissions would be changed in the roles without actually doing so. For more information, see Tip 44, "Compare Role Upgrade Permissions".

The report shows system owners in real time which roles exist in SAP SuccessFactors and which authorizations these roles contain. The report also shows which roles are assigned to which users and whether there are duplicates, for example of groups or authorizations. The user can export this overview at any time.

Assigning a role for a limited period of time is done in seconds with "Shortcut for SAP systems" and allows you to quickly continue your go-live.

The traceability of changes is also important in the development system, which is why the authorizations listed below should only be assigned very restrictively or only to emergency users.

The customising parameters in the table PRGN_CUST control the password generator in the transactions SU01 and SU10.
SAP BASIS
Zurück zum Seiteninhalt