SAP Authorizations Detect critical base permissions that should not be in application roles - NW Admin

Direkt zum Seiteninhalt
Detect critical base permissions that should not be in application roles
Maintenance Status
System trace - Transaction: ST01 or STAUTHTRACE - There is also a system trace for an evaluation. Unlike the authorization trace, a system trace is mainly designed for short periods of time. My preferred variant to call the system trace is via the transaction STAUTHTRACE. Here you can filter the evaluation directly and get a better evaluation representation. Over the individual Buttons one can switch directly the Trace on or off and display the result of the Trace.

The aim of authorization concepts is to provide each user with the authorizations required for his or her task in the SAP system in accordance with the rules. A good authorization concept is the cornerstone for efficient and cost-effective authorization assignment.
Optimization of SAP licenses by analyzing the activities of your SAP users
Incorrect use of the user types and password rules can result in the shutdown of the RFC interfaces. Find out what types of users you can use and how the password rules affect these types of users. In the SAP system, you can choose between different user types when creating users. These user types control the login behaviour and also the impact of password rules on the user. This can lead to undesirable behaviour, especially if the parameter for the validity of the initial password is set. It is often not known that the password rules also apply to users of the communication type. Communication users usually use an initial password because a dialogue is not possible and the password is not changed. If parameters for the validity of the initial password are now also introduced, these also apply to communication users. We will show you how to prevent such problems and give you an overview of the types of users and the impact of the password rules.

The freeware Scribble Papers is a "note box" in which all kinds of data can be stored. It takes in typed texts as well as graphics and entire documents. The data is then organised in folders and pages.

If you only want to translate the description of the role, it is recommended to record the PFCG transaction and to change the source language of the role using the Z_ROLE_SET_MASTERLANG report before the LSMW script runs through. The report on how to change the source language can be found in SAP Note 854311. Similarly, you can use the SECATT (Extended Computer Aided Test Tool, eCATT) transaction to perform the translation instead of the LSMW transaction.

"Shortcut for SAP systems" is a tool that enables the assignment of authorizations even if the IdM system fails.

Numbers/reminders: The payment and/or collection procedure shall be managed solely on the basis of information from the collection perspective (in particular Table BSEG).

It should also be noted that the permission concepts used can be circumvented by ABAP code, which underlines the weight of security vulnerabilities in the ABAP code.
Zurück zum Seiteninhalt