Immediate authorization check - SU53
Checking at Program Level with AUTHORITY-CHECK
Confidential information from your SAP system can also be sent by email. Make sure that this data is only transmitted encrypted. Your SAP system contains a lot of data, which is often confidential. This can be business-critical or personal data or even passwords. It happens again and again that such data must also be sent by e-mail. Therefore, make sure that this information is always encrypted and signed if necessary. Encryption is intended to ensure the confidentiality of the data, i.e. that only the recipient of the e-mail should be able to read it. The digital signature serves the integrity of the data; the sender of an e-mail can be verified. We present the configuration steps required for encryption and provide examples of how to encrypt the sending of initial passwords. There are two ways to encrypt and sign emails in the SAP system: via SAPconnect, via a secure third-party email proxy.
Let's say that a user - we call her Claudia - should be able to edit the spool jobs of another user - in our example Dieter - in the transaction SP01. What do you need to do as an administrator? Each spool job has a Permission field; By default, this field is blank. If Claudia wants to see a Dieter spool job, the system will check if Claudia has a specific spool job permission with a value of DIETER. Claudia does not need additional permissions for its own spool jobs that are not protected with a special permission value.
Grant permission for external services from SAP CRM
Another important factor that should be considered in an authorization concept is to use a uniform naming convention because, on the one hand, many things cannot be changed after the initial naming and, on the other hand, this ensures searchability in the SAP system. In addition, the preset authorization roles of the SAP system should never be overwritten or deleted, but only copies of them should be created, which can then be adapted as desired.
So much information... how can you keep it so that you can find it again when you need it? Scribble Papers is a "note box" that makes this very easy.
GET_EMAIL_ADDRESS: The example implementation of this method reads the e-mail address from the system's user master record. Adjust the method if you want to read the email address from another source.
If you get into the situation that authorizations are required that were not considered in the role concept, "Shortcut for SAP systems" allows you to assign the complete authorization for the respective authorization object.
We first describe how you can provide automated mass care in the form of a custom development.
Since developer authorizations correspond to full authorization, they should only be assigned restrictively.