SAP Authorizations General authorizations - NW Admin

Direkt zum Seiteninhalt
General authorizations
Advantages of authorization tools
Another special feature of the role menu is the maintenance of object-based navigation. If a call to a transaction has been executed through a button in a Web Dynpro application, you must make the Object-based Navigation settings for the transaction to call. To do this, select the appropriate item in the (F4) Help. You may need to ask the developer of the application for navigation information.

Permissions are often not restricted because there is often no information about how the object should be shaped. The identification of the required functional components is often considered to be too burdensome and the risks from a lack of limitation are considered to be too low.
Further training in the area of authorization management
One way of gaining direct access to downstream systems from the development system and possibly performing unauthorized activities there is to use incorrectly configured interfaces. In principle, interfaces within a transport landscape should be avoided with regard to the criticality of the systems "uphill", i.e. from an "unsafe" to a "safe" system (e.g. E system to Q or P system). However, this cannot always be implemented; for example, such interfaces are needed within the transportation system. Without going too deeply into the subject, however, critical interfaces can be characterized by the following properties. Critical interfaces refer to a critical system and a critical client, contain an interface user with critical authorizations in the target client, contain its deposited password.

The freeware Scribble Papers is a "note box" in which all kinds of data can be stored. It takes in typed texts as well as graphics and entire documents. The data is then organised in folders and pages.

In contrast to storing passwords in the form of hash values, the user ID and password are transmitted unencrypted during the login of the client to the application server. The Dynamic Information and Action Gateway (DIAG) protocol is used, which may look somewhat cryptic but does not represent encryption. In addition, there is no cryptographic authentication between the client and the application server. This applies not only to communication between the user interface and the application server, but also to communication between different SAP systems via Remote Function Call (RFC). So, if you want to protect yourself against the access of passwords during the transfer, you have to set up an encryption of this communication yourself.

If you get into the situation that authorizations are required that were not considered in the role concept, "Shortcut for SAP systems" allows you to assign the complete authorization for the respective authorization object.

This approach makes authorization management considerably more efficient, since functional changes do not have a global impact on the entire authorization structure.

Then save your input.
Zurück zum Seiteninhalt