SAP Authorizations Advantages of authorization concepts - NW Admin

Direkt zum Seiteninhalt
Advantages of authorization concepts
Restrict Application Server Login
Now the SAP system is basically able to encrypt emails. However, the system still lacks the recipient's public key. You can manage the required public key information in the Trust Manager's address book. You can find the address book in the Transaction STRUST menu under Certificate > Address Book. Here you can import individual certificates by selecting the corresponding certificate in Certificate > Import Certificate. To get the certificates for all relevant users in this address book via a mass import, use the example programme Z_IMPORT_CERTIFICATES appended in SAP Note 1750161 as a template for a custom programme.

In order to be able to use the following reports, you must not only have the appropriate authorizations, but also be aware that, depending on your SAP release or Notes, some reports are not yet or no longer available. The following reports were executed with release level 7.50.
Create a report transaction for the report that is called in the background job. Set up the report transaction in the transaction SE93 and assign the report RHAUTUPD_NEW as a programme. Start the authorisation trace by setting the auth/ authorisation_trace profile parameter to Y or F if you want to work with filters (see tip 38, "Use the SU22 and SU24 transactions correctly"). Now run the job to collect permission checks on the permission trace. Your permission checks should now be visible in the STUSOBTRACE transaction. Now maintain the permission proposal values for your report transaction in transaction SU24 by entering the transaction code in the appropriate field. You will find that no values are maintained. Now switch to Change Mode. You can add your permission suggestions from the trace using the Object > Insert objects from Permissions Trace > Local (see Tip 40, "Use Permission Trace to Determine Suggest Values for Custom Developments"). Add the suggestion values for each displayed authorization object. Now create a PFCG role that includes the report transaction permission and maintain the open permission fields. Then test whether the job can be run with the permissions from the PFCG role.

So much information... how can you keep it so that you can find it again when you need it? Scribble Papers is a "note box" that makes this very easy.

The security of an SAP system is not only dependent on securing the production system. The development systems should also be considered, since here it is possible to influence the productive system via changes to be transported in the development environment and in customizing or via inadequately configured interfaces. Depending on the conceptual granularity of responsibilities in the development and customizing environment, more detailed authorization checks may need to be performed.

Secure your go-live additionally with "Shortcut for SAP systems". You can assign necessary SAP authorizations quickly and easily directly in the system.

You can also extend the integrated workflows of both solutions to HANA permission applications.

Permissions that existed before the match are assigned the Alt update status.
Zurück zum Seiteninhalt