Error analysis for authorizations (part 1)
Note the effect of user types on password rules
Different organisational fields are used in each module. Since there are many interfaces between the modules, the main organisational fields of the modules must be linked. However, there are also organisational fields that are only relevant for the respective module. All object fields used as organisational units are listed in the USORG table. You can call this table through the SE16 transaction. Alternatively, in the selection screen of the AGR_1252 table, the value help of the VARBL field also shows the corresponding name for the respective organisation fields.
With the introduction of security policy, it is now possible to define your own security policy for System or Service users. This way you can ensure that backward-compatible passwords are still used for these users. This eliminates the reason that password rules were not valid for System/Service type users; Therefore, the rules for the content of passwords now apply to users of these types. Password change rules are still not valid for System or Service type users. If you are using security policy in your system, you can use the RSUSR_SECPOL_USAGE report to get an overview of how security policy is assigned to users. This report can be found in the User Information System (transaction SUIM). In addition, the user information system reports have added selected security policies to the user selection. This change was provided through a support package; For details, see SAP Note 1611173.
System Security
To maintain suggestion values, use the transaction SU24. Here you can view and customise suggestion values for all types of applications, such as SAP GUI transactions, RFC building blocks, or Web Dynpro applications. One way to maintain suggestion values is to use the system trace, which is linked to the transaction SU24 after inserting the support package named in SAP Note 1631929 and the correction instructions. This means that from the transaction SU24 you start the system trace, collect trace data and use this data directly during maintenance.
A note box in which data of all kinds can be quickly filed and retrieved. This is what Scribble Papers promises. At first, the program looks very spartan. But once a small structure is in place, you realise the great flexibility of this little helper.
As in other systems, user maintenance and role/profile assignment must be restricted to the group of user administrators. In contrast to the previous systems, however, roles and profiles are maintained here, so that appropriate rights must be assigned to the role/profile administrators.
"Shortcut for SAP systems" is a tool that enables the assignment of authorizations even if the IdM system fails.
Therefore, it is necessary to test the use of P_ABAP in individual cases and to use the existing limitations.
Which authorization objects are checked (SU22)? When calling a transaction, such as the ME23N, various authorization objects are checked.