CONCLUSION
Customising User and Permissions Management
Incorrect use of the user types and password rules can result in the shutdown of the RFC interfaces. Find out what types of users you can use and how the password rules affect these types of users. In the SAP system, you can choose between different user types when creating users. These user types control the login behaviour and also the impact of password rules on the user. This can lead to undesirable behaviour, especially if the parameter for the validity of the initial password is set. It is often not known that the password rules also apply to users of the communication type. Communication users usually use an initial password because a dialogue is not possible and the password is not changed. If parameters for the validity of the initial password are now also introduced, these also apply to communication users. We will show you how to prevent such problems and give you an overview of the types of users and the impact of the password rules.
An alternative to using the S_TABU_LIN authorization object is to create custom table views that make organisational delimitation easier to achieve. To do this, create a new view in the SE11 transaction and add the table to which the constraint will apply on the Tables/Join Conditions tab. The Selection Conditions tab allows you to specify your restrictive organisational condition in the form of a field and a field value. You then authorise all relevant users to access the view, which contains only data for your organisational restriction.
Authorization concept
In everyday role maintenance, you often have to change the permission data of a single role again after you have already recorded the role in a transport order along with the generated permission profiles. In this case, you have previously had to create a new transport order because the table keys of the generated profiles and permissions are also recorded for each individual role record, but are not adjusted for subsequent changes in the role data.
The freeware Scribble Papers puts an end to the confusing paper chaos. The tool is also suitable for storing, structuring and quickly finding text documents and text snippets of all kinds in addition to notes.
If transactions are changed in the role menu of a single role, this option is automatically suggested to the operator. In this option, the profile generator will match the pre-existing permissions data with the SU24 transaction permission proposals from the role menu. If new permissions are added to the permission tree during this comparison, they will be marked with the Update status New. Permissions that existed before the match are assigned the Alt update status.
The possibility of assigning authorizations during the go-live can be additionally secured by using "Shortcut for SAP systems".
However, if a company does not have a concept for introducing new SAP authorizations and these are always coupled with new roles, the roles and authorizations will continue to grow.
After all, this document serves the auditor as a template for the so-called target/actual comparison.