Transactional and Native or Analytical Tiles in the FIORI Environment
Query Data from Active Directory
This start authorization check is delivered inactive. To use it, you must activate it. After activation, you can use authorizations to control which Web Dynpro ABAP applications users are allowed to run. For the start authorization check of Web Dynpro ABAP applications, the system uses the authorization object S_START in the same way as the authorization object S_TCODE for transactions. The object has the fields AUTHPGMID, AUTHOBJTYP and AUTHOBJNAM, which correspond to the key fields PGMID, OBJECT and OBJ_NAME of the object catalog (table TADIR). So, during the start authorization check, the Web Dynpro ABAP runtime checks the key of the object catalog entry for the Web Dynpro ABAP application.
Both solutions offer you the added value of centralised reporting of existing users, newly created users, and role assignments. You can also extend the integrated workflows of both solutions to HANA permission applications. This enables you to use the risk analysis of the SAP Access Control solution also in relation to critical HANA permissions.
Custom requirements
An SAP authorization concept is used to map relevant legal standards and internal company regulations to the technical protection options within an SAP system. Authorization concepts are thus the key to optimal protection of your system - both externally and internally.
You can create such an organisational matrix as an Excel file or in ABAP; This depends on how you want to read the data. When using a common standard solution (e.g. SAP Access Control), a corresponding maintenance view is usually offered. We first describe how you can provide automated mass care in the form of a custom development.
The possibility of assigning authorizations during the go-live can be additionally secured by using "Shortcut for SAP systems".
TMSADM: The user TMSADM serves the communication between SAP systems in the transport management system and is automatically created in the client 000 when they are configured.
Due to the complexity of an SAP® authorization concept, it is necessary that all essential aspects are set down in a written documented authorization concept.