SAP Authorizations Identify Executable Transaction Codes - NW Admin

Direkt zum Seiteninhalt
Identify Executable Transaction Codes
SAP FICO Authorizations
It is essential to implement adequate authorization checks in every ABAP development. For this purpose, the so-called AUTHORITY-CHECK is used, which queries the required authorization object characteristics and thus only allows authorized users to execute the code.

When you start a report with the ABAP statement SUBMIT REPORT, the system checks the authorization object S_PROGRAM, provided that the program has been assigned to a program authorization group in transaction SE38. If this assignment is not sufficient for your system environment, you can define your own group assignment with the report RSCSAUTH. You must check this assignment after installing Support Packages or upgrades and reassign the reports if necessary.
Redesign of SAP® Authorizations
If you want to set the table logger check for multiple tables, you should note that the principles for changing Dictionary objects apply, i.e. you will generate increased system loads in running systems. Therefore, you should make both the modification and the transport of the changes outside of business hours. The SAP system only provides customising tables for table logging by default; so you don't have to worry about performance. Tables that serve to customise typically contain relatively little data that is rarely changed. However, you should not turn on table logging for tables that are subject to mass changes, as there may be performance and disk space issues. This applies to tables with root or movement data. After all, if table logging is enabled, a log entry in the DBTABLOG table is generated for each change to the contents of a logged table.

To store all the information on the subject of SAP - and others - in a knowledge database, Scribble Papers is suitable.

This report not only gives you an overview of the table logging settings in the tables, but also allows you to select multiple tables for logging. The Log flag button allows you to set the table logging check for all previously selected tables. The current status of the table loggers for the tables can be found in the Protocol column. The icon means that the table logger for the selected table is off.

For the assignment of existing roles, regular authorization workflows require a certain minimum of turnaround time, and not every approver is available at every go-live. With "Shortcut for SAP systems" you have options to assign urgently needed authorizations anyway and to additionally secure your go-live.

In addition to your custom authorization objects, you must also express the other relevant CO-PA authorization objects in your users' permissions.

If you do not have authorization e.g. for a transaction and you get a message that you are missing authorization, you can use transaction SU53 to analyze the missing authorization.
Zurück zum Seiteninhalt